http://readwrite.comhttp://readwrite.com/site/images/apple-touch-icon.pnghack - ReadWritehttp://readwrite.comTempestMon, 03 Aug 2015 00:18:45 GMTMon, 03 Aug 2015 00:18:45 GMT<!-- tml-version="2" --><p>With photos to back it up, <a href="http://www.theverge.com/2015/4/9/8375931/android-wear-iphone-google-apple-compatible">the Verge</a> reported Thursday that Google is definitely developing an Android Wear app for use on the iPhone. This is the second time such news has made its way to the Web, having <a href="http://readwrite.com/2015/03/03/google-android-wear-app-ios">first been reported in March</a> on French tech site <a href="http://www.01net.com/editorial/647721/exclu-01net-google-va-lancer-une-version-iphone-dandroid-wear/">01net</a>.</p><p>Before that, an enterprising tinkerer had figured out a way to <a href="http://readwrite.com/2015/02/23/android-wear-moto-360-iphone-smartwatch-hack-ios">connect his Moto 360 with his iPhone</a>. There's even an app on the Play Store right now that claims to connect Android Wear devices with an iPhone (though my own attempts to do so with my iPad have all failed so far).&nbsp;</p><p>Google’s official response to my inquiry on this report has been the standard “We have nothing to announce at this time.” But the photos—showing both a Moto 360 and a G Watch R displaying iOS-specific notifications—make it seem pretty clear that the app is happening.</p><p>The real questions, however, are whether Apple would actually have the guts to allow it to show up on its App Store—and what Google has to gain by provoking Apple in the first place.</p><h2>Apptagonism</h2><p>As we’ve discussed before, Apple isn’t completely opposed to letting other companies’ wearable companion apps into the App Store. Pebble, Fitbit, and Microsoft all have apps available in the App Store that link non-Apple devices with the iPhone.</p><p>That said, Apple is still selective in terms of which devices will get its full support. 
Neither Fitbit nor the Microsoft Band are <a href="http://www.wareable.com/sport/apps-that-work-with-apple-health-kit-compatible">compatible with Apple’s Health App</a>; they have to&nbsp;rely on standalone apps, or in the case of Fitbit, <a href="http://appleinsider.com/articles/14/11/19/sync-solver-bridges-the-gap-between-apples-health-app-and-fitbit-devices">third-party workarounds</a>. </p><figure><img src="http://a3.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTI5MzY1ODAwNjE5Mzk1MDgy.png"><figcaption><a href="https://play.google.com/store/apps/details?id=com.shiitakeo.android_wear_for_ios">androd_wear_for_ios by shiitakeo</a> on the Google Play Store</figcaption></figure><p>Apple has even less incentive to allow any kind of Android Wear capability onto iOS, simply because Android Wear devices and the Apple Watch are such direct competitors. Add Google and Apple’s longstanding mobile rivalry, and it seems even less likely.</p><p>At the same time, it’s difficult not to see Google's potential iOS app as a gibe at Apple’s walled-off ecosystem. Assuming Google isn’t developing the app with Apple’s cooperation—which seems reasonable given their antagonistic relationship—an Android Wear app for iOS would only exist as a testament to Apple’s refusal to play nice.</p><h2>The Pursuit of Appiness</h2><p>However, Apple would actually have plenty to gain by opening its software doors to Google. For starters, it could show that Apple isn’t afraid to show off the Apple Watch’s superiority to Android Wear.</p><p>If iPhone users truly want to go for a less expensive wearable, they ought to be able to. And if the Apple Watch truly is the superior device, those cheapskates might realize their mistake before too long.</p><p>More important, however, Apple opening its doors to Android Wear might also mean the eventual appearance of an Apple Watch app on the Google Play Store. 
With Android’s worldwide market share exceeding that of the iPhone, allowing those mobile users to connect a shiny new Apple Watch might be a great business move. (If somewhat at odds with Apple's apparent desire to hook its users specifically into its services.)</p><figure><img src="http://a4.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTI5MzY1NzMwMDIwODU3MTA2.png"><figcaption><a href="https://play.google.com/store/apps/details?id=com.shiitakeo.android_wear_for_ios">androd_wear_for_ios by shiitakeo</a> on the Google Play Store</figcaption></figure><p>Remember, the iPod was once an Apple-exclusive device. It became a true hit once a Windows-compatible version was released. The Apple Watch is the first new product to come from the company in years. Opening up its potential to users on non-Apple platforms would be a smart way for the company to ensure it’s as much of a hit as the iPod, iPhone, and iPad before it. </p><p><em>Android Wear on iPhone images via <a href="https://play.google.com/store/apps/details?id=com.shiitakeo.android_wear_for_ios">shiitakeo on Google Play Store</a></em></p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/i1_LN8GlXx0" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/i1_LN8GlXx0/google-android-wear-app-for-iphone-more-evidencehttp://readwrite.com/2015/04/09/google-android-wear-app-for-iphone-more-evidenceThu, 09 Apr 2015 21:13:26 GMThttp://readwrite.com/2015/04/09/google-android-wear-app-for-iphone-more-evidence<!-- tml-version="2" --><figure><img src="http://a2.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTI4MzE5MDQzODA2NDgwMzk0.jpg"><figcaption></figcaption></figure><p>Clever Android developer Mohammad Abu-Garbeyyeh&nbsp;<a href="http://forum.xda-developers.com/member.php?u=2011359">managed to get his Android Wear smartwatch working</a> with an iPhone, no jailbreak required.&nbsp;</p><p>To make it 
happen,&nbsp;Abu-Garbeyyeh used Apple's own&nbsp;<a href="http://readwrite.com/2013/09/19/api-defined">application programming interfaces (APIs)</a>—the same ones&nbsp;that Pebble relies on to support iOS devices.&nbsp;</p><blockquote><p><strong>See also: <a href="http://readwrite.com/2015/02/17/pebble-android-wear-notifications">How Pebble Became The Cheapest Android Smartwatch Around</a></strong></p></blockquote><p>It's the first time we've seen Google's wearable software work with iOS.&nbsp;Here's more on how the hack works.&nbsp;</p><h2>Have iPhone, Wear Travel&nbsp;</h2><p>Apple offers developers a way to tie into its notifications: the Apple Notification Center Service (ANCS) APIs.&nbsp;According to&nbsp;<a href="https://developer.apple.com/library/ios/documentation/CoreBluetooth/Reference/AppleNotificationCenterServiceSpecification/Introduction/Introduction.html">the Apple iOS Developer Library</a>, ANCS gives Bluetooth accessories "a simple and convenient way to access many kinds of notifications that are generated on iOS devices."&nbsp;</p><p>Using that, Abu-Garbeyyeh managed to get&nbsp;basic iPhone notifications to show up on an Android Wear device (in this case, a Moto 360).&nbsp;"The goal is to only carry an iPhone and an Android Wear smartwatch," said the developer in <a href="http://www.androidbeat.com/2015/02/developer-android-wear-to-work-with-iphone/">a comment on Android Beat</a>.&nbsp;</p><p>A short demo video provides the evidence.&nbsp;</p><div tml-external-provider="youtube" tml-external-id="DIIYmVSc9Yw" tml-embed-src="https://www.youtube.com/watch?v=DIIYmVSc9Yw" tml-render-layout="inline" tml-embed-thumbnail="http://i.ytimg.com/vi/DIIYmVSc9Yw/hqdefault.jpg"></div><p>However, the functionality is limited. The commands can't go back in the other direction. 
In other words, no voice control features or Google Now–powered pop-ups, as Android Wear users get when connected to Android mobile devices.&nbsp;<br tml-linebreak="true"></p><h2>Lowering The Smartwatch Walls</h2><p>Abu-Garbeyyeh himself has said very little about the hack and hasn't yet made the source code available. What's more, it's not clear if Apple or Google will block the functionality, particularly if it starts to see wider use.&nbsp;</p><p>Whatever the long-term prospects for this particular project, it highlights the barriers as some manufacturers limit smartwatch compatibility to only certain smartphones. Tizen-based Samsung Gear watches, which only work with Samsung handsets, are prime examples. So is, of course, the upcoming Apple Watch—Apple's official wearable designed from the ground up to work with the company's iPhones.&nbsp;</p><blockquote><p><strong>See also: <a href="http://readwrite.com/2015/02/17/htc-samsung-lg-stick-with-google-android-wear">Hey, Samsung, LG And HTC—Shunning Android Wear Is A Huge Mistake</a></strong></p></blockquote><p>Google makes many of its top-tier apps available on iOS, and Android Wear product manager Jeff Chang has <a href="http://www.huffingtonpost.co.uk/2014/10/23/google-android-wear-ios_n_6035512.html">previously said</a> that he would be "very interested" in adding iPhone compatibility in the future. It would be a smart move for Google. 
Limiting Android Wear devices is unlikely to boost handset sales, and it leaves the field clear for Pebble to establish itself as the number one cross-platform smartwatch.&nbsp;</p><p>If Android Wear ever officially added iOS support into the mix, the platform would suddenly broaden its appeal.&nbsp;Mohammad Abu-Garbeyyeh's hack is evidence that compatibility is possible.</p><p><em>Lead image courtesy of Motorola</em></p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/DZG9-tvfx0E" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/DZG9-tvfx0E/android-wear-moto-360-iphone-smartwatch-hack-ioshttp://readwrite.com/2015/02/23/android-wear-moto-360-iphone-smartwatch-hack-iosMon, 23 Feb 2015 17:54:56 GMThttp://readwrite.com/2015/02/23/android-wear-moto-360-iphone-smartwatch-hack-ios<!-- tml-version="2" --><figure><img src="http://a5.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTI2ODg0MDY0NjMxMjQ0ODEw.jpg"><figcaption></figcaption></figure><p>This holiday season, would-be freedom fighters in limited markets will have the opportunity to stick it to some vague concept of "The Man."&nbsp;In a move that isn't so much a Christmas miracle as an excellent opportunity to take advantage of the publicity generated by a comedy that <a href="http://www.rottentomatoes.com/m/the_interview_2014/">received lukewarm reviews in advance screenings</a>—yet possibly inspired an historically devastating corporate cyberattack—Sony Pictures Entertainment announced it will show the assassination comedy in select movie theaters starting on Dec. 25.&nbsp;</p><p>This is an about-face from last week, when Sony declared it wouldn't release <em>The Interview</em> after bomb threats caused major theater chains to cancel showings. 
Despite the movie's plot—characters played by James Franco and Seth Rogen are tasked by the CIA with assassinating head of state Kim Jong-un—<a href="http://readwrite.com/2014/12/17/us-intelligence-north-korea-hacked-sony">North Korea denies </a>responsibility for both&nbsp;the threats and the hack that leaked a mountain of embarrassing Sony emails and documents on the Internet.&nbsp;</p><blockquote tml-bad-render-layout="inline"><p><strong>See also: <a href="http://readwrite.com/2014/12/15/sony-pictures-entertainment-north-korea-hack-emails-cease-and-desist">"Stop Sharing Our Humiliating Emails!" Sony Lawyer Demands</a></strong></p></blockquote><p>That's poppycock according to the U.S. government, which claims evidence that North Korea is behind the attack. President Barack Obama promised retaliation shortly after Sony announced the movie's cancellation, and coincidentally or not, North Korea suffered a mass Internet outage of nonspecific origins on Monday.&nbsp;</p><p>On Tuesday, with news that Sony would contract with some theaters to show the Interview, Sony Entertainment <a href="http://recode.net/2014/12/23/sonys-the-interview-is-coming-to-a-few-theaters-after-all/">CEO Michael Lynton said in a press statement </a>that the studio always intended to show the movie in some capacity.&nbsp;</p><blockquote tml-bad-render-layout="inline"><p><strong>See also:&nbsp;<a href="http://readwrite.com/2014/12/20/sony-the-interview-north-korea-distribute-for-free">Unleash Seth Rogen On North Korea ... Via BitTorrent!</a></strong></p></blockquote><p>"We are proud to make it available to the public and to have stood up to those who attempted to suppress free speech,”&nbsp;Lynton&nbsp;said, though it's not clear whether or not the irony is intended. 
Continuing its threats&nbsp;to hold news agencies "responsible" for publishing Sony documents freely available on the Internet following the breach, the multinational corporation is reportedly <a href="http://www.wired.com/2014/12/sony-twitter-legal-action/">threatening to sue Twitter</a> if it doesn't suspend users sharing hacked content on its platform.&nbsp;</p><p><a href="http://www.nytimes.com/2014/12/24/business/media/sonys-the-interview-will-come-to-some-theaters-after-all.html?smid=tw-share&amp;_r=1">The New York Times</a><a href="http://www.nytimes.com/2014/12/24/business/media/sonys-the-interview-will-come-to-some-theaters-after-all.html?smid=tw-share&amp;_r=1"></a> reports that Sony will likely release The Interview in 200 to 300 smaller theaters. So far, the 30-theater Alamo Drafthouse chain (pretty much the only place to see a movie, in this reporter's opinion) and the Plaza in Atlanta are confirmed.&nbsp;</p><p>Perhaps Sony can use the box office proceeds to bolster its free speech legal fund, and maybe put what's left over toward shoring up its firewalls.&nbsp;</p><p><em>Lead image from The Interview by Sony Pictures Entertainment</em></p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/7hM_XvMuOio" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/7hM_XvMuOio/sony-the-interview-movie-theaters-free-speechhttp://readwrite.com/2014/12/23/sony-the-interview-movie-theaters-free-speechTue, 23 Dec 2014 20:06:33 GMThttp://readwrite.com/2014/12/23/sony-the-interview-movie-theaters-free-speech<!-- tml-version="2" --><figure><img src="http://a2.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTI2ODgzNjY2MjcyOTg3Nzc5.jpg"><figcaption></figcaption></figure><p>Sony Pictures Entertainment has started <a href="http://www.scribd.com/doc/250802459/Sony-Letter-to-Twitter">issuing legal threats</a> to Twitter and its users in its latest attempt to stem the spread of its internal documents following its epic hack by 
a group of hackers possibly linked to North Korea.&nbsp;</p><p>According to Motherboard, Sony has sent <a href="http://www.scribd.com/doc/250802459/Sony-Letter-to-Twitter">a letter</a> to Twitter saying that if Twitter does not remove tweets with private Sony information, it "will have no choice but to hold Twitter responsible for any damage or loss" resulting from said tweets.&nbsp;</p><p>The letter also requests the suspension of one <a href="https://twitter.com/bikinirobotarmy">@BikiniRobotArmy</a>, an account run by Val Broeksmit, a musician Sony accuses of having disseminated leaked information.&nbsp;</p><p><a href="http://readwrite.com/2014/12/15/sony-pictures-entertainment-north-korea-hack-emails-cease-and-desist">Earlier this month</a>, Sony sent similar letters&nbsp;to publications including the New York Times, Recode and the Hollywood Reporter, demanding that they stop publishing information obtained from internal Sony emails <em>and</em> to destroy existing copies.&nbsp;Twitter general counsel Vijaya Gadde has <a href="http://www.bizjournals.com/sanfrancisco/print-edition/2014/03/14/vijaya-gadde-twitter-corporate-counsel.html?page=all">said previously</a> that Twitter is committed to improving transparency with its users.&nbsp;</p><p>North Korea was implicated by U.S. intelligence sources as being <a href="http://readwrite.com/2014/12/17/us-intelligence-north-korea-hacked-sony">"centrally involved"</a> in the cyber attack on Sony, and on Friday, President Barack Obama said that the U.S. would respond. 
As of Monday, North Korea experienced an extended internet outage, with <a href="http://www.usatoday.com/story/news/world/2014/12/23/north-korea-internet-web-disrupted-goes-down/20806265/">intermittent outages</a> on Tuesday as well.&nbsp;</p><p>This is familiar ground for Sony in a way, as the company was subject to a <a href="http://www.reuters.com/article/2011/04/26/us-sony-stoldendata-idUSTRE73P6WB20110426">2011 security breach</a> involving the personal data of over 70 million Playstation users. According to Bloomberg Businessweek, Sony had been warned about another&nbsp;security breach in its network a year ago by an outside contractor.&nbsp;</p><p><em>Photo by <a href="https://www.flickr.com/photos/beegee49/8579709594">Brian Evans</a></em></p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/JfTcoep7FwI" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/JfTcoep7FwI/sony-hacked-legal-threats-twitter-usershttp://readwrite.com/2014/12/23/sony-hacked-legal-threats-twitter-usersTue, 23 Dec 2014 19:59:04 GMThttp://readwrite.com/2014/12/23/sony-hacked-legal-threats-twitter-users<!-- tml-version="2" --><figure><img src="http://a3.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTI2NzQ5ODk5NTE2NTk0MTg2.jpg"><figcaption></figcaption></figure><p>Just as Sony Pictures canned the premiere of&nbsp;<em>The Interview</em>, the film that triggered its now-infamous cyber attack, U.S. 
intelligence sources <a href="http://www.nytimes.com/2014/12/18/world/asia/us-links-north-korea-to-sony-hacking.html?smid=tw-share&amp;_r=0">told <em>The New York Times</em></a> Wednesday that North Korea was indeed “centrally involved” in the hack.&nbsp;</p><p>North Korean leader Kim Jong Un previously <a href="http://readwrite.com/2014/12/08/north-korea-praises-sony-hack">denied responsibility</a>, but unnamed “senior administration officials” now tell&nbsp;<em>The Times</em> they have reason to believe the country was behind the exploit: Data forensics unearthed a computer that had been previously used in cyberattacks on South Korea. The evidence strongly suggests—though does not definitively prove—North Korea’s involvement.&nbsp;</p><blockquote tml-bad-render-layout="inline"><p><strong>See also: <a href="http://readwrite.com/2014/12/09/sony-attack-message-north-korea-suspicion?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed:%2Breadwriteweb%2B(ReadWriteWeb)#!">Latest Message From Sony Attackers Puts Suspicion On North Korea</a></strong></p></blockquote><p>The White House hasn’t yet decided whether to publicly point any fingers, said the sources, even though it essentially considers the matter a cyberterrorism campaign. But diplomacy is key. Tensions between North Korea and the U.S. 
could easily escalate—particularly since <a href="http://variety.com/2014/film/news/sony-hackers-threaten-911-attack-on-movie-theaters-that-screen-the-interview-1201380712/">the latest threats</a> levied by the supposed attackers on Tuesday invoked the terrorist attacks of September 11, 2001.</p><blockquote tml-bad-render-layout="inline"><p>Warning</p><p>We will clearly show it to you at the very time and places "The Interview" be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to.&nbsp;</p><p>Soon all the world will see what an awful movie Sony Pictures Entertainment has made.</p><p>The world will be full of fear.</p><p>Remember the 11th of September 2001.</p><p>We recommend you to keep yourself distant from the places at that time.</p><p>(If your house is nearby, you'd better leave.)</p><p>Whatever comes in the coming days is called by the greed of Sony Pictures Entertainment.&nbsp;</p><p>All the world will denounce the SONY.</p></blockquote><p>Sony put the kibosh on release plans Wednesday, as several theaters—including Regal Entertainment, AMC Theaters, Cinemark and Carmike Cinemas—canned their plans to show the comedy, which features an assassination plot against Kim Jong Un.&nbsp;</p><blockquote tml-bad-render-layout="inline"><p><strong>See also: <a href="http://readwrite.com/2014/12/15/sony-pictures-entertainment-north-korea-hack-emails-cease-and-desist">"Stop Sharing Our Humiliating Emails!" 
Sony Lawyer Demands</a></strong></p></blockquote><p>Sources at both NBC News and <em>USA Today</em> have corroborated <em>The New York Times</em> report, those outlets tweeted, though <em>Wired</em>&nbsp;<a href="http://www.wired.com/2014/12/north-korea-did-not-hack-sony-probs/">finds the evidence rather weak</a>.&nbsp;</p><p><em>Lead image courtesy of Sony</em></p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/Pr-iM8Aicw4" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/Pr-iM8Aicw4/us-intelligence-north-korea-hacked-sonyhttp://readwrite.com/2014/12/18/us-intelligence-north-korea-hacked-sonyThu, 18 Dec 2014 01:27:58 GMThttp://readwrite.com/2014/12/18/us-intelligence-north-korea-hacked-sony<!-- tml-version="2" --><p>The new vanity plate for tech's mega-vendors is a programming language. It could also become an effective lock-in strategy.</p><p>As <a href="https://medium.com/backchannel/my-computer-language-is-better-than-yours-58d9c9523644">Scott Rosenberg writes</a>, "In war ... the winners write the history books. In tech, the winning companies are writing the programming languages." Hence today we have Hack (Facebook), Go (Google) and Objective-C/Swift (Apple), just as Microsoft had C#.&nbsp;</p><p>Such languages aren't simply a different way to write applications. They're a way for the mega-vendors to keep developers corralled within the vendors' walled gardens. 
Should we be concerned?</p><h2>Open But Proprietary?</h2><p>Maybe, maybe not.&nbsp;After all, while language lock-in can constrain a developer community for a time, eventually it breaks, as <a href="http://www.indeed.com/jobtrends?q=C%23%2C+Swift%2C+Hack%2C+Golang&amp;l=&amp;relative=1">we're seeing with C#</a>:</p><figure><img src="http://a3.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTI2NTgwMzQ0MTM5ODQ4MTU4.png"><figcaption>Source: Indeed.com</figcaption></figure><p>The problem, however, is that the future is being written in increasingly proprietary programming languages. Not necessarily proprietary in the sense that you can't access their innards—Hack and Go, for example, are both open source.&nbsp;But proprietary in the sense that the language derives from one company, with all its idiosyncrasies baked in.</p><p>This is very different from the past decades of the open Web, as Rosenberg suggests:</p><blockquote><p>The Internet was built on open standards and code, but the era of social networks and the cloud is dominated by corporate giants. And they are beginning to put their unique stamps on the thought-stuff of digital technology — just as inevitably as William the Conqueror and his Normans imported <em>tranches</em> of early French into the nascent English tongue, in ways that still shape our legal and financial language.</p></blockquote><h2>Gentle, Loving Overlords</h2><p>Which isn't to say these languages are being imposed on the world by evil overlords. 
In the case of Go, which Redmonk analyst <a href="http://redmonk.com/dberkholz/2014/03/18/go-the-emerging-language-of-cloud-infrastructure/">Donnie Berkholz styles</a> the "emerging language of cloud infrastructure," it's taking off because of "its mastery of concurrent operations and the beauty of its construction," as <a href="http://readwrite.com/2014/03/21/google-go-golang-programming-language-cloud-development">I've written</a>.</p><p>It's a great programming language for modern-day development, in other words.</p><p>But the problem, following Rosenberg, is that declaring allegiance to one language tends to block you from others. Developers simply don't have time to master a number of competing development platforms:</p><blockquote><p>For developers, then, choosing a language is like choosing citizenship in a country. You’re not only buying into syntax and semantics. You’re buying into economics and culture, the rules that shape how you earn your livelihood and the forces that channel your hopes and dreams.</p></blockquote><p>This is very clearly seen in mobile development,&nbsp;as <a href="http://www.visionmobile.com/product/developer-economics-q3-2014/">VisionMobile's Developer Economics report</a> illustrates:&nbsp;</p><figure><img src="http://a2.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTI2NTc5OTczNDMwNTA1NDQy.png"><figcaption></figcaption></figure><h2>Open Sourcing A Way Out?</h2><p>To their credit, Google and Facebook have open sourced their respective languages, making it more likely that they will become open standards. Apple, however, has not, and almost certainly will not.&nbsp;</p><p>Open isn't really in Apple's DNA.</p><p>Which is why it's almost certainly true that Apple may be discussing open sourcing Swift, as <a href="http://lists.cs.uiuc.edu/pipermail/llvmdev/2014-June/073698.html">Chris Lattner offers</a>. 
But it's equally true that if Apple really cared about Swift being open, this would have been top of its list of to-dos, not an afterthought.&nbsp;</p><p>Maybe it won't matter. Java-happy Android, after all, is increasingly the default for mobile developers. Yes, iOS still pays the biggest developer paychecks, but iOS, the Swift programming language and the <a href="https://twitter.com/mjasay/status/540982995034071040">entire Apple mobile ecosystem are closed</a>, which should give developers pause before they opt to enlist in the Apple army.&nbsp;</p><p><em>Image courtesy of <a href="http://www.shutterstock.com">Shutterstock</a></em></p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/qqiMrqWyShU" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/qqiMrqWyShU/go-swift-hack-corporate-languages-new-lock-inhttp://readwrite.com/2014/12/11/go-swift-hack-corporate-languages-new-lock-inThu, 11 Dec 2014 20:30:00 GMThttp://readwrite.com/2014/12/11/go-swift-hack-corporate-languages-new-lock-in<!-- tml-version="2" --><figure><img src="http://a4.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTI0NzcyMjcxMDg3NzQyOTQ2.jpg"><figcaption></figcaption></figure><p>For the second time in two iPhone releases, mobile-security firm Lookout has&nbsp;<a href="https://blog.lookout.com/blog/2014/09/23/iphone-6-touchid-hack/">tested and bested</a> the security of Touch ID. </p><p>Touch ID lets users unlock the iPhone 5S, iPhone 6, and iPhone 6 Plus just by putting their <a href="http://readwrite.com/2013/09/11/goodbye-swipe-to-unlock-hello-touch-id">fingerprint over a sensor on the home button</a>. By requiring a fingerprint to unlock the device and make purchases within the App Store, with Apple Pay, or through third-party developers, Apple is trying to make your data and information more secure. </p><p>So what happens if it’s hacked? 
</p><p>Lookout’s principal security researcher Marc Rogers hacked Touch ID on the 5S last year, and now he's done it again. Through a CSI-like process, he was able to unlock an iPhone 6 using a fake fingerprint made of glue. </p><p>With such a fingerprint facsimile in hand, an attacker could theoretically take over someone’s iPhone to make purchases or steal the owner's photographs, email, texts or other personal information. It sounds like a plot from a prime-time crime drama—and so it’s probably only a matter of time until iPhone fingerprint hacks hit the big screen. </p><p>While the thought of someone accessing your phone with a copied fingerprint might make you uncomfortable, don’t worry. Accessing a device the way Rogers did takes significant skill, time and effort. And, <a href="http://readwrite.com/2013/09/11/goodbye-swipe-to-unlock-hello-touch-id">as we reported last year</a>, a malicious attacker can’t use a finger that’s, well, detached from your body.</p><p>Rogers says consumers shouldn’t worry too much about the potential for duping the system.</p><p>“I don’t see this to be a risk to consumers in any way because I don’t think criminals are sophisticated enough,” Rogers said in an email interview. “It is difficult to make these fingerprints—think of Touch ID as being the equivalent of a door lock. It's there to stop the average criminal from getting access, or in the case of Touch ID, claiming they are you.”</p><p>Not only does a potential hacker need a clear print from their target that can be lifted by using <a href="https://blog.lookout.com/blog/2013/09/23/why-i-hacked-apples-touchid-and-still-think-it-is-awesome/">super glue fumes and fingerprint powder</a>, they will also have to get access to lab equipment to photograph, print, and then cast the fingerprint using chemicals and smearing it with glue. 
Unless you have access to a crime laboratory, the equipment is prohibitively expensive.</p><figure><img src="http://a3.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIzMDQ5NjY1MzQwNjcxNTAw.jpg"><figcaption></figcaption></figure><p>Through the experiment, Rogers discovered that there’s virtually no measurable improvement in the fingerprint sensors between the iPhone 5S and the iPhone 6, except that he got fewer “false negatives,” on the iPhone 6, meaning the reading was clearer.</p><p>Even though Rogers is impressed with the technology, he says Apple could do more to keep devices secure. Some improvements, he says, could include limits on the number of unlocking attempts a device will allow, a fallback to a passcode when the device hasn’t been used for a specific amount of time, and “best practices” suggested by Apple which may include using different fingers for different authentication.</p><p>“I was hoping to see improvements in the Touch ID sensor that show Apple is working to come up with a solution that cannot be fooled as easily,” he said. 
“However, while I can't say Apple isn't working on this, I don't see any significant signs of improvement in this version despite the fact that it is now going to be used for payments.”</p><p><em>Lead photo by Selena Larson for ReadWrite; iPhone 6 and iPhone 5S image courtesy of Lookout</em></p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/NqQJIa9Mg_E" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/NqQJIa9Mg_E/iphone6-touch-id-fingerprint-hackhttp://readwrite.com/2014/09/23/iphone6-touch-id-fingerprint-hackTue, 23 Sep 2014 19:24:02 GMThttp://readwrite.com/2014/09/23/iphone6-touch-id-fingerprint-hack<!-- tml-version="2" --><figure><img src="http://a5.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIzMDQ5NjY0Mjc2Njk0NTQw.jpg"><figcaption>Apple CEO Tim Cook</figcaption></figure><p>Apple said it will introduce more security alerts and better educate consumers about why and how to use iCloud in the wake of an&nbsp;<a href="http://readwrite.com/2014/09/03/apple-icloud-nude-photo-theft-two-factor-authentication">iCloud breach</a>&nbsp;in which hackers obtained personal and revealing pictures of female celebrities and posted them online.</p><p>CEO Tim Cook <a href="http://online.wsj.com/news/article_email/tim-cook-says-apple-to-add-security-alerts-for-icloud-users-1409880977-lMyQjAxMTA0MDAwNDEwNDQyWj">told the Wall Street Journal</a> that the company will start alerting people through email and mobile push notifications when anyone tries to change a password on an Apple account, restore iCloud data to a device that isn't yet registered with the account, or when a new device logs into iCloud.</p><blockquote><p><strong>See Also:&nbsp;<a href="http://readwrite.com/2014/09/03/apple-icloud-nude-photo-theft-two-factor-authentication">How Apple Made Its Users Vulnerable To iCloud Theft</a></strong></p></blockquote><p>Cook also gave more information on what it originally said was a "highly targeted attack," describing 
the way hackers correctly guessed the celebrities' security question answers.&nbsp;</p><p>Apart from beefing up security measures, Cook said the company needs to do a better job of providing information to consumers—it's not just the tech that needs a boost.&nbsp;</p><p>"When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece," he told the newspaper. "I think we have a responsibility to ratchet that up. That's not really an engineering thing."</p><p>Cook said Apple will begin using push notifications to alert users within the next two weeks.</p><p><em>Lead image by <a href="https://www.flickr.com/photos/igrec/6082648816">Valery Marchive</a>&nbsp;</em></p><p>http://readwrite.com/2014/09/05/apple-increase-security-post-icloud-leak (Fri, 05 Sep 2014 20:44:20 GMT)</p><!-- tml-version="2" --><figure><img src="http://a2.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIzNjEzMTg5NTQ0Mzc5OTE4.jpg"><figcaption></figcaption></figure><p>The massive iCloud hack that exposed <a href="http://readwrite.com/2014/09/02/celebrity-photo-leak-apple-icloud-victim-blaming-slut-shaming">photos of female actresses</a> stored in their personal Apple accounts has left many—including myself—scrambling to change their passwords.</p><p>Some speculated that the hack was due to a vulnerability in Apple’s Find My iPhone feature, with which hackers used a “brute force” attack to guess the passwords on celebrities’ accounts, <a href="http://thenextweb.com/apple/2014/09/01/this-could-be-the-apple-icloud-flaw-that-led-to-celebrity-photos-being-leaked/">The Next Web reported</a>.&nbsp;</p><p>Apple has since denied those reports, instead claiming it 
was a <a href="http://9to5mac.com/2014/09/02/apple-confirms-very-targeted-attack-on-celebrities-denies-icloud-breach/">“very targeted attack”</a> on usernames, passwords, and security questions—the keys to nearly any online account.</p><p>If celebrities can be attacked, so can you. So what can you do?</p><h2>Understand The Cloud</h2><p>Strong passwords are just one way Internet users can protect themselves from having their data stolen by malicious attackers. And photos aren’t the only things we have to worry about. Everyone tut-tutting actresses for taking risqué photos should think twice about where their personal data is stored. Oh, that’s right—it's in the cloud, too.</p><p>The thing about “the cloud,” is that no one really understands it. It's a deliberately vague term for computer servers you access over the Internet.</p><p>Remember the scene from <em>Zoolander</em> when Owen Wilson's character suddenly has an epiphany that “<a href="https://www.youtube.com/watch?v=TV3Oncvz_cU">the files are <em>in</em> the computer</a>”—and then tears open the machine looking for them? When it comes to the cloud, our understanding hasn't improved much.&nbsp;</p><p>Even CNN doesn’t know how to explain the cloud to viewers. It ran a story with the lower third “Leaked Nude Pics May Be From The Cloud.”</p><div tml-external-provider="twitter" tml-external-id="samfbiddle:506829776657850368" tml-embed-src="https://twitter.com/samfbiddle/status/506829776657850368"></div><p>Cloud servers are like any computer: You can put files on them, and access them later. Since they're on the cloud, you don't have to have access to a physical device, or worry about how much space your laptop's hard drive has, since cloud servers typically have far more space than our own personal machines do.&nbsp;</p><p>The tradeoff for this convenience is security. If you can access your files using a username and password, so can anyone else who gets ahold of your credentials. 
And you have to rely on those companies to implement smart versions of the latest security protocols.</p><p>Cloud storage services like Dropbox, Box and Google Drive make it simple to save and share files. iCloud, Apple’s cloud storage, automatically backs up your information, like photos and documents, in case your phone or laptop needs to be replaced.</p><p>We have a fundamental expectation of privacy and security when using these services, especially when a company is automatically backing up the information to its servers. But that expectation can fail us.</p><h2>Find The Right Cloud Storage</h2><p>It’s hard to completely secure your cloud storage without jumping through a lot of hoops, which we'll get to shortly. But the first step is figuring out where you want your documents to be stored. </p><p>Don’t sign up for new cloud services without researching them. That includes reading the privacy policies of any company you agree to give your data to. Do they have encryption built in? Do they give your data to governments when requested? Do they control their own servers, or do they rent out servers from other companies? (Dropbox and Apple, for example, both use Amazon's servers for a portion of their online services.)</p><p>If security is your top priority, you might consider services like <a href="http://windows.microsoft.com/en-us/windows/two-step-verification-faq">SpiderOak</a>, which automatically encrypts all your data and prevents even the company from knowing what you’re uploading. But that means giving up the ease of sharing files with friends through Dropbox or collaborating with colleagues using Google Drive.</p><p>For most of us, convenience usually wins out. 
You should at least know that you're making that tradeoff, however.</p><h2>Use Secure Passwords</h2><p>According to Apple, the hackers targeted usernames, passwords and security questions, which are the first lines of defense for users.</p><p>Simply changing an “S” to a “$” does not make your password secure—especially if you recycle that password from site to site. Hackers attack less secure services and harvest usernames and passwords—and then try them on other services.</p><div tml-external-provider="twitter" tml-external-id="jessysaurusrex:506547099773992960" tml-embed-src="https://twitter.com/jessysaurusrex/status/506547099773992960"></div><p>Adding unique characters along with letters and numbers is smart, but so is using passwords that are hard, if not impossible, to guess. The best passwords are a collection of random letters, numbers and punctuation, without any words you'd find in the dictionary. And each online account should have a different, complex password.&nbsp;</p><p>Does that sound impossible to keep track of? It pretty much is, unless you get some computerized assistance. Password managers like&nbsp;<a href="https://agilebits.com/onepassword">1Password</a> and <a href="https://lastpass.com/">LastPass</a> provide a way to save and manage passwords, and you can carry and access your data on multiple devices.</p><h2>Enable Two-Step Verification</h2><p>If someone is trying to illegally access your personal information from the cloud by using your password, you might not realize it—unless you have two-step verification enabled. </p><p>With two-step verification, it’s necessary for you to input two different pieces of data in order to access your personal information. Typically, that's your password and a different code sent as a text or generated by an app on your mobile device. The code will change each time you log in.</p><p>Two-step verification can be frustrating and time-consuming, which is why many consumers elect to ignore it. 
But it saves you from having to clean up the potential mess a hacker could make with your credit card information or naked pictures stolen from the cloud.</p><p><a href="https://www.google.com/landing/2step/">Google</a>, <a href="https://www.dropbox.com/help/363">Dropbox</a>, <a href="http://support.apple.com/kb/ht5570">Apple</a>, <a href="https://support.box.com/hc/en-us/articles/200526658-Can-I-enable-2-step-verification-for-my-account-">Box</a>, <a href="http://aws.amazon.com/iam/details/mfa/">Amazon Web Services</a> and <a href="http://windows.microsoft.com/en-us/windows/two-step-verification-faq">Microsoft</a>&nbsp;are just some of the companies that offer two-step authentication.</p><h2>Encrypt Your Files</h2><p>If you’re not using a service that automatically encrypts your files, like SpiderOak or <a href="https://mega.co.nz/">Mega</a>, you may want to encrypt them yourself.</p><p>Google, Dropbox and Microsoft don’t offer file encryption as a built-in feature. While they may encrypt your transmissions between data centers, once you're logged in, the files are available in unencrypted form. Most consumers don’t request it, because it can be difficult to use, and encryption can be complicated for companies to enable, <a href="http://www.wired.com/2014/06/cloud-encryption/">according to Wired</a>.&nbsp;</p><blockquote><p>Imagine Google Drive with no search capabilities, or Dropbox with no preview. None of those features would work with encrypted files, because they’d be unreadable by Google and Dropbox’s server software. And if Google doesn’t have the encryption keys it can’t help you out if you lose a password.</p></blockquote><p><a href="https://www.boxcryptor.com/">Boxcryptor</a> and <a href="http://www.viivo.com/">Viivo</a> both offer DIY cloud encryption, which means you can encrypt all your files before uploading them to the cloud. 
These companies won’t have access to your secret keys to decrypt files, which means your data is safe from prying eyes that don’t have access to your unique key.</p><p>Ultimately, we'll need better forms of protection. Apple's TouchID fingerprint sensor is an interesting example of authentication using biometrics, or physical aspects of our bodies. PayPal's Braintree aims to detect fraud by looking at information about how we're using our mobile phones at the time we make a transaction. Companies are using sophisticated behavioral modeling to detect hackers on their networks: Perhaps one day, we'll be protected by similar technology that can tell through the way we tap on our phone's keyboards or the time of day we access our devices that we are who we say we are.</p><p>Until then, we're left changing our passwords, enabling two-factor verification, and hoping for the best.&nbsp;</p><p><em>Lead image by&nbsp;<a href="https://www.flickr.com/photos/86530412@N02/14796090251">StockMonkeys</a></em></p><p>http://readwrite.com/2014/09/02/how-to-protect-cloud-files (Tue, 02 Sep 2014 22:31:17 GMT)</p><!-- tml-version="2" --><p>Sure, some day Google may well drive us around. But today we drive ourselves, assisted by roughly <a href="http://www.automotivesensors2014.com/">60 to 100 sensors per car</a>, a number expected to mushroom to 200 per car by 2020, or 22 billion in-vehicle sensors worldwide.&nbsp;</p><p>While all this data has the <a href="http://readwrite.com/2014/03/11/volkswagen-data-monster-privacy-google-self-driving-cars">potential to become a privacy nightmare</a>, it also presents a quandary for developers. 
Our cars are already eminently hackable in the worst sense of that word, as researchers at Black Hat recently <a href="http://www.scribd.com/doc/236073361/Survey-of-Remote-Attack-Surfaces">presented</a>. But they're also hackable in the positive sense, as <a href="https://www.carvoyant.com">Carvoyant</a>, a Florida-based startup, aims to show.&nbsp;</p><blockquote><p><strong>See also: <a href="http://readwrite.com/2014/03/11/volkswagen-data-monster-privacy-google-self-driving-cars">Volkswagen: "The Car Must Not Become A Data Monster"</a></strong></p></blockquote><p>Carvoyant built a platform for developers that puts driver data first. With a tagline that would make Ayn Rand proud—"Your car. Your API. Your control"—Carvoyant just&nbsp;<a href="https://developer.carvoyant.com/">opened up a developer sandbox</a> that allows technologists to test their apps with simulated vehicle data. That means being able to see how an in-car app will respond without having to connect it in a vehicle, finding an appropriate road with the perfect amount of traffic, and then staging a service need of some sort.</p><p>In keeping with its tagline, the plan is to open source the simulation data.</p><h2>Your Car Is A Hack</h2><p>While cars seem like self-contained fortresses, they're anything but, as <a href="http://readwrite.com/2014/03/13/smart-car-hacks-vulnerability-security">Selena Larson has written</a>. As researchers Charlie Miller and Chris Valasek presented at Black Hat, the very things that make driving a pleasure—from keyless entry systems to Bluetooth-connected stereos—also make our cars permeable to outside hackers.&nbsp;</p><blockquote><p><strong>See also: <a href="http://readwrite.com/2014/03/13/smart-car-hacks-vulnerability-security">The Smart Car Will Be Hacked</a></strong></p></blockquote><p>How hackable? 
Well, here are some of the worst offenders, with "+" signs indicating that the car is more hackable, and "-" signs indicating it is less hackable:</p><figure><img src="http://a4.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIxNDI3Mjk1NDA1ODM1Nzg5.png"><figcaption>Credit: Charlie Miller and Chris Valasek</figcaption></figure><p>Suddenly that 2006 Ford Fusion is looking like a safer bet than that brand-spanking-new Range Rover. And the Infiniti Q50? Forget about it.</p><p>But hackable cars aren't necessarily a bad thing.&nbsp;</p><p>After all, Ford, GM and other auto manufacturers are increasingly opening up key parts of their systems to outside developers. In fact, Ford has a <a href="https://developer.ford.com/">developer program</a> tailored for open source developers. Other initiatives like the <a href="http://openxcplatform.com/">OpenXC Platform</a>&nbsp;"use standard, well-known tools to open up a wealth of data from the vehicle to developers, even beyond OBD-II."</p><p>In other words, our cars are going to get hacked. The key is to make sure the good guys have the right tools to do this well.</p><p>Enter Carvoyant.</p><h2>Crashing Your Car In The Safety Of Your Own Home</h2><p>Carvoyant's new sandbox makes it easy for developers to build apps against automobile data without actually driving the car. Given that texting while driving is already illegal in many places, imagine what the police officer would say if she discovered you programming the car while driving. Bad idea.</p><p>As Carvoyant COO <a href="https://www.carvoyant.com/2014/08/14/whats-so-great-about-a-sandbox-anyway/">Renz Kuipers writes</a>:&nbsp;</p><blockquote><p>Today, if a developer wants to create a connected car app there are precious few places they can go to test it without actually connecting their own vehicle. It doesn’t take a lot to realize how inefficient and difficult this is. 
Plus, if the developer is using their own vehicle, that means they have to drive it to create the data they need ... which means they are developing against this live data ... which, itself, is kind of a problem. And it gets worse: once the developer is ready to take that finished app to market, they have nowhere to go.&nbsp;</p></blockquote><p>In other words, today, if developers want to build a connected car app, they have to use their own car. (And if, say, they want to build an app for crash detection, the only way to do that right now is to crash their own car.) Carvoyant replicated the production environment and added the ability for developers to programmatically add simulation data.</p><p>That's a big deal.&nbsp;</p><p>Still, there are at least two caveats, as Kuipers goes on to note. The sandbox matches Carvoyant’s production environment with two important distinctions:&nbsp;</p><p>1. It is not possible to connect a live vehicle to an account in this system; all of the data in this system is “fake.”</p><p>2. All developers have the ability to call an endpoint that allows them to create their own vehicle data; in this way, they can programmatically generate the vehicle data that they need to test their application.</p><h2>Open Sourcing The Data</h2><p>All of this would be interesting on its own, but it becomes more so given that Carvoyant doesn't lock up and hoard its data.&nbsp;</p><p>In an earlier <a href="https://www.carvoyant.com/2014/02/08/dont-openwash-connected-cars/">post</a>, Kuipers argues that to be truly open, a developer must be able to answer the following two questions in the affirmative: "Can you get the data? Can anybody who plays nice, play?"</p><p>Carvoyant's developer sandbox is just the start of a movement toward giving developers more control of their simulation data, but also of giving car owners real ownership of their car's data. Today that data is owned by the car or system manufacturer. 
Tomorrow it really should be owned by the person driving the car.</p><p>As <a href="https://www.carvoyant.com/2014/05/02/you-took-title-to-the-car-but-dont-you-own-the-data-too/">Kuipers notes</a>, "To us, it just seems like common sense that the data from something that you own should be yours. Yours to keep, yours to selectively dole out as you deem fit."</p><p>This will be welcome news to the developers who want to hack your car, and to you, the driver, who wants to control what they are allowed to do with the data.</p><p><em>Lead image by <a href="https://www.flickr.com/photos/viriyincy/2535350990">Oran Viriyincy</a></em></p><p>http://readwrite.com/2014/08/21/carvoyant-connected-car-app-simulation-hack-sandbox (Thu, 21 Aug 2014 17:10:07 GMT)</p><!-- tml-version="2" --><p>At its Worldwide Developer Conference last week, Apple announced its new programming language&nbsp;<a href="https://developer.apple.com/swift/">Swift</a>.&nbsp;It’s the latest in a rash of new languages developed by big tech companies, in some cases for specific use with their own platforms.</p><p>Apple has Swift for iOS developers; <a href="http://readwrite.com/2014/03/20/facebook-new-programming-language-hack">Facebook has Hack</a>, a language for back-end development. Google, meanwhile, has its own entries—the would-be JavaScript replacement Dart and a new general programming language called Go.</p><p>This rash of new languages raises a number of issues for developers. 
Perhaps the most significant is one&nbsp;my colleague <a href="http://readwrite.com/author/adriana-lee#awesm=~oGfPbJlSrFBamJ">Adriana Lee</a>&nbsp;raised after Apple's Swift announcement:</p><div tml-external-provider="twitter" tml-external-id="adra_la:473537386266112000"></div><h2>A Computer-Language Babel</h2><p>There are already <a href="http://en.wikipedia.org/wiki/List_of_programming_languages">hundreds of programming languages</a> in existence, and more are popping into existence all the time. Many are designed for use in a relatively narrow range of applications, and large numbers never catch on beyond small groups of coders.</p><p>Similarly, big tech companies have been developing new languages for about as long as there have been big tech companies. The <a href="http://en.wikipedia.org/wiki/C_(programming_language)">seminal general-purpose language C</a>&nbsp;originated at AT&amp;T Bell Labs in the early 1970s. Java, now the primary language for development of Android apps, was <a href="http://en.wikipedia.org/wiki/Java_(programming_language)">born at Sun Microsystems</a> in the 1990s.</p><blockquote tml-render-position="right" tml-render-size="medium"><p><strong>See also:&nbsp;</strong><strong><a href="http://readwrite.com/2014/06/04/apple-swift-programming-language-wwdc#awesm=~oGfymR0ujwYtlf">Apple Wants Devs To Love Swift, Its Shiny New Language—But There's A Catch</a></strong></p></blockquote><p>What's different these days is the extent to which companies embrace new languages to further their specific business objectives—a process that also has the effect of creating a dedicated base of developers who are effectively "locked in" to a company's particular platform. That sort of dual strategy dates back at least to Sun's introduction of Java, which the company promoted as a way to challenge Microsoft's dominance on the PC desktop. 
(Things didn't work out the way Sun planned, although Java eventually found a home in enterprise middleware systems before Google adopted it for Android.)</p><p>It's also clearly Apple's goal with Swift. Should it live up to the company's early hype, Swift seems likely to simplify iOS app development by filing the rough edges off Objective-C, the current lingua franca of iOS and Mac OS X developers. But it will also require those same developers to learn the ins and outs of a new language that they're unlikely to use anywhere else.</p><h2>Why Companies Roll Their Own</h2><p>Which cuts against the ingrained "don’t reinvent the wheel” philosophy that animates most developers. So&nbsp;why don't more companies just adopt already existing languages to new uses?</p><p>One answer is simply that companies build their own languages because they can. Designing a new language can be complex, but it's not particularly resource-intensive. What's hard is building support for it, both in terms of providing software resources (shared code libraries, APIs, compilers, documentation and so forth) and winning the hearts and minds of developers. Companies are uniquely positioned to do both.</p><p>There's also the fact that existing languages are often difficult to shoehorn into today's complex code frameworks. Take, for instance, <a href="http://readwrite.com/2014/03/20/facebook-new-programming-language-hack">Facebook's decision to create Hack</a>, a superset of the <a href="http://en.wikipedia.org/wiki/PHP">scripting language PHP</a> that's commonly used in Web development.</p><p>Facebook's main goal with Hack—a common one these days—was to improve code reliability, in this case by enforcing data-type checking before a program is executed. Such checks ensure that a program won't, say, try to interpret an integer as a string of characters, an error that could yield unpredictable results if not caught. 
In Hack, those checks take place in advance so that programmers can identify such errors long before their code goes live.</p><p>According to Julien Verlaguet, a core developer on Facebook’s Hack team, the company first looked for an existing language that might allow for more efficient programming. But much of Facebook was already built on PHP, and the company has built up a substantial software infrastructure to support PHP and its offshoots. While it's possible to make PHP work with code written in a different language, it's not easy—nor is it fast.</p><p>“Let’s say I try to rewrite our PHP codebase in Scala,” Verlaguet said. “It’s a well designed, beautiful language, but it’s not at all compatible with PHP. Every time I need to call to PHP from the Scala part of the code base, I’ll lose performance speed. We would have liked to use an existing language but for us, it just wasn’t an option.”</p><p>Instead, Facebook invented Hack, which has enough in common with PHP that it can share the company's existing infrastructure. The vast majority of the Facebook codebase has been migrated from PHP to Hack, said Verlaguet, but the company has open sourced the language in hopes that independent developers will find uses for it outside of Facebook.&nbsp;</p><p>“You can still use PHP,” he said. “But we’re hoping you’ll want to use Hack.”</p><h2><strong>Who Holds The Power</strong></h2><p>Therein lies the balance of power between companies and developers. Companies can make their languages as specific as they like. But if developers don’t want to use them, nobody is going to—outside, that is, of anyone who might harbor hopes of one day working at the company that invented the language.</p><p>It’s not unusual for companies to make it easiest to develop in one language over another. 
For example, you would use Objective-C to develop iOS apps, but Java to develop Android apps.&nbsp;This has never been a major sticking point with developers because both Objective-C and Java are general purpose object-oriented languages. They’re useful for a number of purposes.&nbsp;</p><p>Hack, Dart, Go, and Swift, however, so far have only proven useful for particular company-designated programming solutions, usually in tandem with that company’s programming environment of choice. Granted, it may be too soon to judge. Hack, for example, <em>can</em> be used in several back-end implementations; it’s just so new that Facebook doesn’t yet have any data that people <em>want</em> to use it that way.</p><p>It’s not that developers aren’t capable of learning multiple languages. Most already do. Think of them like the Romance languages—if you know Spanish, it’ll be easier to learn French and so on than if you didn’t already know one. Likewise, if you already know Java, it’ll be easier to learn Ruby or Perl. And if you know PHP, you basically already know Hack.</p><p>On the contrary, it’s more of a question of habit. If Java already solves your specific problems, you don’t have any incentive to learn Ruby. And if you are happy coding iOS apps in Objective-C, you’re not going to feel very tempted to pick up Swift.</p><p>To some developers, though, ecosystem-specific languages just make life harder for everybody. Freelance designer Jack Watson-Hamblin, for instance, told me that initiatives like Apple's Swift risk overburdening programmers and fragmenting the developer community:</p><blockquote><p>It's important for programmers to know multiple languages, but forcing them to keep up with new languages all the time doesn't make sense. If I'm making a simple cross-platform app, I don't want to have to know four languages to do it. 
I only want to use the single-purpose language if I <em>really</em> need to.</p></blockquote><p>Watson-Hamblin argues that when companies each build their own language for their own needs, it slows down overall progress both by dividing the attention of coders and by enforcing a monolithic perspective on development within that language.&nbsp;"When companies are in charge of a language vs. an open-source community, it's like the difference between a corporation and a start-up," he said. Communities are more flexible and adaptive by definition.&nbsp;</p><p>Of course, Apple had <a href="http://blog.erratasec.com/2014/06/why-it-had-to-be-swift.html#.U58BJI1dXtA">a lot of very good reasons to start from scratch</a>&nbsp;with Swift, just as Facebook did when it invented Hack. That doesn't mean it's not going to force change on developers—some of it doubtless unwelcome.&nbsp;</p><p>“As new languages are invented, it gets more hegemonic,” said Verlaguet. “It can be frustrating to have to keep up. But on the other hand, you’re more likely to have a new language to fit your exact problem. Imagine the reverse—a world where programmers used the same language for everything. It’d be a language that could do everything poorly but nothing well.”&nbsp;</p><p><em>Lead image by <a href="https://www.flickr.com/photos/ruiwen/3260095534">Flickr user Ruiwen Chua</a>, CC 2.0</em></p><p>http://readwrite.com/2014/06/17/apple-swift-facebook-hack-google-dart (Tue, 17 Jun 2014 11:49:00 GMT)</p><!-- tml-version="2" --><p>Failed bitcoin exchange Mt. Gox said <a href="https://www.mtgox.com/img/pdf/20140320-btc-announce.pdf">it found 200,000 bitcoins</a> on March 7 in a “forgotten” wallet the company thought no longer held bitcoin. Mt. 
Gox said in a statement the bitcoins were discovered in an “old-format” wallet used prior to 2011.</p><p>The company allegedly found the wallet one week after <a href="http://readwrite.com/2014/02/28/mt-gox-bankruptcy-protection-bitcoin">Mt. Gox filed for bankruptcy protection</a>&nbsp;because it allegedly lost bitcoin deposits worth $380 million.</p><blockquote tml-render-position="right" tml-render-size="medium"><p><strong>See also:&nbsp;<a href="http://readwrite.com/2014/02/28/mt-gox-bankruptcy-protection-bitcoin">Bitcoin Exchange Mt. Gox Files For Bankruptcy Protection</a></strong></p></blockquote><p><a href="http://www.reuters.com/article/2014/03/21/us-bitcoin-mtgox-wallet-idUSBREA2K05N20140321">According to Reuters</a>, Mt. Gox acknowledged finding the bitcoins only after a U.S. judge in Chicago overseeing a class-action lawsuit against Mt. Gox allowed the exchange’s bitcoins to be tracked.&nbsp;</p><p>In an email to Reuters, the lawyer for the plaintiff in that case said he had been previously monitoring the bitcoins, and Mt. Gox decided to come forward only after realizing they had been tracked.</p><blockquote><p>Today in court we got relief ... specifically to track the 180,000 bitcoins, which we've been monitoring. Hours later, Mt. Gox claimed it "found" these bitcoins ... it appears Mt. Gox realized we were close and decided to acknowledge that it owned these 180,000-200,000 bitcoins.</p></blockquote><p>The sudden discovery of the forgotten bitcoins will likely provide only more questions than answers surrounding the collapse of Mt. Gox. It is still <a href="http://readwrite.com/2014/02/27/mt-gox-bitcoin-loss-theft-mark-karpeles">unclear how thieves stole</a> 744,408 bitcoins—well, make that 544,708 bitcoins—and caused Mt. 
Gox to crumble.&nbsp;</p><p><em>Image courtesy of <a href="http://www.flickr.com/photos/100239928@N08/9714198380/">BTC Keychain on Flickr</a></em></p><p>http://readwrite.com/2014/03/21/mt-gox-forgotten-wallet-found-bitcoin (Fri, 21 Mar 2014 17:37:41 GMT)</p><!-- tml-version="2" --><figure><img src="http://a5.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAwNzMxMzUxOTE5ODk3.jpg"></figure><p>Beth Jacob, Target's chief information officer, is resigning her position effective today, <a href="http://finance.yahoo.com/news/target-tech-chief-resigns-overhauls-141802901.html">the AP reports</a>. Though the company claims the move was Jacob's decision, some analysts say she became a "scapegoat" in the wake of a credit card hack that exposed 40 million <a href="http://readwrite.com/2013/12/31/atm-cards-debit-cards-credit-cards-hackers-skimmers">Target customers' financial data</a> in December 2013.&nbsp;</p><p>The massive data breach that hit customers during the holiday season was partly at fault for the <a href="http://www.forbes.com/sites/greatspeculations/2014/02/28/bleak-holiday-season-data-breach-and-canadian-losses-dampen-targets-q4-results-but-outlook-is-better/">company's below-average fourth-quarter</a> earnings, as consumers apparently lost confidence in the company's security. 
It also highlighted the <a href="http://readwrite.com/2014/02/27/credit-cards-magnetic-stripe-swiping">fundamental insecurity of our current system of plastic payment cards</a>.</p><p><em>Image courtesy of <a href="http://www.flickr.com/photos/jeepersmedia/12766333693/sizes/l/">Jeepers Media on Flickr</a><br tml-linebreak="true"></em></p><p>http://readwrite.com/2014/03/05/target-cio-resignation (Wed, 05 Mar 2014 19:20:55 GMT)</p><!-- tml-version="2" --><figure><img src="http://a4.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMjkzMTU1MDI5NjE1MjA2.jpg"></figure><p>Naoki Hiroshima <a href="https://medium.com/p/24eb09e026dd">survived an Internet security nightmare</a>&nbsp;earlier this week, though not without first acquiescing to the demands of the person who hacked him.&nbsp;</p><p>Someone claimed to have obtained the personal information and passwords of Hiroshima's GoDaddy and PayPal accounts, changed them, and held the accounts hostage. All he asked for was one thing: access to Hiroshima’s Twitter account.</p><p>Hiroshima’s account is one of the very few precious accounts that are only one letter—@N. Many Twitter users want to get their hands on limited usernames, like those containing one letter or the ones belonging to the elusive first name Twitter club. 
But this hacker went so far as to compromise other accounts linked to Hiroshima's business and financial information.</p><p>The hacker described his tactics in an email to Hiroshima.</p><blockquote><p>- I called paypal and used some very simple engineering tactics to obtain the last four of your card (avoid this by calling paypal and asking the agent to add a note to your account to not release any details via phone)</p></blockquote><blockquote><p>- I called godaddy and told them I had lost the card but I remembered the last four, the agent then allowed me to try a range of numbers (00-09 in your case) I have not found a way to heighten godaddy account security, however if you’d like me to recommend a more secure registrar i recommend: NameCheap or eNom (not network solutions but enom.com)</p></blockquote><p>PayPal claims <a href="https://www.paypal-forward.com/leadership/paypal-takes-your-security-seriously/">Hiroshima’s account was not compromised</a>, and the company never provided the alleged hacker with any personal details. GoDaddy, on the other hand, was duped.</p><p> GoDaddy CEO Blake Irving confirmed to ReadWrite that the company was “socially engineered,” meaning the hacker manipulated GoDaddy into divulging personal information by posing as the account owner.</p><p>I reached out to the alleged hacker, and he told me in our initial email contact he would be willing to share his story. Unfortunately, it appears he deleted his email account and broke off all contact with me. 
I'll update the story with his comments if I hear back.&nbsp;</p><h2>Twitter Handles Are Precious Real Estate</h2><p>After reading about Hiroshima’s experience, a handful of other Twitter users claimed their accounts had received similar hacking attempts.</p><p><a href="http://jshbrynt.com/">Josh Bryant</a>, founder of file sharing service Droplr and the owner of the @jb Twitter account, <a href="http://d.pr/n/KUMK">also suffered an extortionist hack</a>.&nbsp;In his case, the hacker compromised his Amazon Web Services account, putting his entire business in jeopardy—simply because the attacker wanted to own his Twitter handle.&nbsp;</p><p>One way hackers attempt to get access to Twitter accounts is through the “forgot password” link on a user’s account. People can find out if someone is attempting to access their account when they receive password reset emails.</p><p>Kevin Cheng, CEO of <a href="http://incredible.io">Incredible Labs</a> in San Francisco and owner of the Twitter account @k, told me he used to frequently receive password reset emails, but once Twitter began requiring some personal information to ask for a reset password, those attempts mostly stopped.&nbsp;</p><p>The company&nbsp;<a href="http://readwrite.com/2013/05/22/twitter-finally-gets-two-factor-authentication">implemented two-factor authentication last May</a>&nbsp;as a&nbsp;way to prevent would-be hackers from attempting to access Twitter profiles.&nbsp;With two-factor authentication, users can choose to protect their Twitter accounts by providing a phone number that Twitter can text anytime someone attempts to login to their account from a new device.&nbsp;</p><h2>You’ll Pay How Much For My Name?</h2><p>What struck me after reading Hiroshima's blog post about his Twitter extortion was that he had been offered as much as $50,000 for his username. And he turned it down.</p><p>Multi-thousand dollar offers for Twitter handles aren't unusual. 
<a href="http://nypost.com/2013/09/25/getting-a-handle-on-twitter-branding/">According to the <em>New York Post</em></a>, JPMorgan Chase, the banking and financial services company, offered Chase Giunta, owner of the @Chase Twitter handle, $20,000 for his username.&nbsp;</p><p>Buying and selling usernames is against the rules on Twitter, but there is little the company can do to combat it. Most deals are done quickly and quietly—money exchanges through PayPal accounts and the Twitter handle is transferred.</p><p>While frowned upon by the establishment, this practice happens more often than you might think.</p><p>Squatting and flipping valuable usernames isn't a phenomenon exclusive to Twitter. My <a href="https://twitter.com/ChuckReynolds/status/414177180990464000">friend pointed out</a> that he used to do the same for Gmail email addresses when the service first launched.</p><p></p><figure><img src="http://a2.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAwNjU5NDExMjE3Njg5.png"></figure><p>Twitter is aware its users are in the market for usernames. But beyond chastising the buyer or seller, there is little they do.&nbsp;</p><p>Joshua Ziering, subversive marketer and founder of <a href="http://killswit.ch">Killswitch</a> in San Francisco, has bought and sold around six Twitter usernames. He said it largely happens privately behind the scenes, sometimes initiated with a Twitter direct message.</p><p>Ziering said he spent time as a “fixer,” and was responsible for getting people and companies things like domain names, Twitter handles and other social media properties.&nbsp;</p><p>“It is a lot of work to track down these people, contact them, then negotiate for all the assets,” Ziering said. “Once someone knows they own the Twitter handle your company wants, they charge much more. 
Especially if you've been funded publicly.”</p><p>Michael O’Donnell, photographer and proud owner of the @photo Twitter handle, has been approached numerous times for his username. O’Donnell said he was contacted frequently in early 2013, but interest has since dropped off. One account offered him $350 for his Twitter handle, an offer he declined.</p><h2>Righting Twitter Wrongs</h2><p>For some, like the companies Ziering helped facilitate, owning the right Twitter handle is important for a brand image. But for malicious hackers, sometimes they want to acquire an account just for the fun of it.&nbsp;</p><p>Hiroshima’s hacker wanted nothing more than to own the username. It wasn’t for the followers—after the hacker took control of the account @N had just around 300 followers. It was simply because they could.&nbsp;</p><p>This puts Twitter in an interesting position. The company deals with account hijackings fairly regularly—if someone’s account is hacked, Twitter can suspend the account and work with the rightful owner to get things back to normal. Unfortunately, because Hiroshima gave the hacker access to his account willingly, albeit because of blackmail, the situation became a little more difficult for the company to control.</p><p>It appears <a href="https://twitter.com/mat/status/428768261514092544">Twitter suspended the @N account</a> in an effort to put things back to normal, but it was compromised once again by another user before Hiroshima got it back.&nbsp;</p><p>Account hijackings aren’t unique to Twitter; it’s a consequence of online living. There are certain precautions to take, like implementing two-factor authentication and maintaining strong passwords, to better prevent potential security breaches.&nbsp;</p><p>It’s unlikely those of us with generic Twitter usernames will ever be approached to give up our handle, or be hacked specifically for it. 
But Hiroshima’s experience serves as an unfortunate reminder of just how insecure our online properties can be, and how simple it is for the system to be manipulated.&nbsp;</p><p><em>Lead image via <a href="http://www.flickr.com/photos/eldh/">eldh on Flickr</a>.</em></p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/vento9OiVYs" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/vento9OiVYs/the-not-so-secret-black-market-of-twitter-handleshttp://readwrite.com/2014/01/31/the-not-so-secret-black-market-of-twitter-handlesFri, 31 Jan 2014 14:35:00 GMThttp://readwrite.com/2014/01/31/the-not-so-secret-black-market-of-twitter-handles<!-- tml-version="2" --><p></p><figure><img src="http://a4.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAwNjYxODI3MTM2Nzkz.png"></figure><p>Yahoo said it has been the target of a <a href="http://yahoo.tumblr.com/post/75083532312/important-security-update-for-yahoo-mail-users">security attack aimed at Yahoo Mail users</a>. Yahoo identified a coordinated effort to gain control of email accounts. 
Yahoo did not specify how many users or accounts were affected.</p><p>The Yahoo Mail usernames and passwords used in the hack were likely collected from a compromised third-party database, the company <a href="http://yahoo.tumblr.com/post/75083532312/important-security-update-for-yahoo-mail-users">said in a blog post</a>.&nbsp;Yahoo is resetting passwords of affected accounts and using two-step authentication, including SMS notifications, to further secure accounts.&nbsp;</p><p>The company said it is working with federal law enforcement to determine who was responsible for the hack.</p>http://feedproxy.google.com/~r/readwriteweb/hack/~3/3jJNUkuEah4/yahoo-mail-security-breachhttp://readwrite.com/2014/01/31/yahoo-mail-security-breachFri, 31 Jan 2014 00:27:00 GMThttp://readwrite.com/2014/01/31/yahoo-mail-security-breach<!-- tml-version="2" --><p>Don't say we didn't warn you. Bad guys have already <a href="http://investors.proofpoint.com/releasedetail.cfm?ReleaseID=819799">hijacked up to 100,000 devices in the Internet of Things</a> and used them to launch malware attacks,&nbsp;Internet security firm <a href="http://www.proofpoint.com/">Proofpoint</a>&nbsp;said on Thursday.&nbsp;</p><p>It's apparently the first&nbsp;recorded large-scale&nbsp;Internet of Things hack.&nbsp;Proofpoint found that the compromised gadgets—which included everything from routers and smart televisions to at least one smart refrigerator—sent more than 750,000 malicious emails to targets&nbsp;between December 26, 2013 and January 6, 2014.</p><blockquote tml-render-position="right" tml-render-size="medium"><p><strong>See also: <a href="http://readwrite.com/2013/09/18/internet-of-things-security-disaster-terrorism-war">The Internet Of Things Might Try To Kill You</a></strong></p></blockquote><p>The hack came to light over the relatively quiet holiday period when a&nbsp;security researcher at 
Proofpoint noticed a spike in thousands of malicious messages sent from a range of IP addresses she didn’t recognize, David Knight, a Proofpoint executive in charge of information security products, told me in an interview.</p><p>Curious, she began pinging the devices and soon realized that they weren’t PCs, the usual platform for launching this sort of attack. Instead, many were otherwise unidentified devices running a standard version of Linux. Pinging one device brought up a login screen that said: Welcome To Your Fridge. She typed in a default password—something like “admin” or "adminadmin," Knight said—and suddenly had access to the heart of someone's kitchen.</p><p>As the age of Smart Everything dawns, it's also bringing online a host of largely unsecured smart devices like TVs, refrigerators and even toasters. Those devices are often trivial for knowledgeable hackers to compromise, opening new opportunities for malicious actions of various kinds—of which the malware attack Proofpoint identified may be among the mildest.</p><p>“Embedded operating systems deployed in firmware tend to be old, not patched very frequently, and there are known vulnerabilities to virtually all of them,” Knight said.&nbsp;Proofpoint’s investigation highlights how vulnerable connected devices are and how easy it is for hackers to take advantage of them.&nbsp;</p><h2>Hacking The Home</h2><p>Craig Heffner, a security researcher that teaches a class on exploiting connected devices, <a href="http://readwrite.com/2013/12/30/connected-home-invasion-hack-internet-of-things-home-security">told ReadWrite in December</a>&nbsp;that&nbsp;his students are usually surprised by the lack of security in connected home devices.</p><blockquote tml-render-position="right" tml-render-size="small"><p><strong>See Also: <a href="http://readwrite.com/2013/12/30/connected-home-invasion-hack-internet-of-things-home-security">Connected Home Invasion: You've Seen The Madness, Here Are The 
Methods</a></strong></p></blockquote><p>“If you look at the vulnerabilities being published, they’re not sophisticated,” he said. “Usually, the vendor put a back door in the product and someone took advantage.”&nbsp;</p><p>Worse, connected home devices often running on outdated software may be difficult or even impossible to patch. Security expert Bruce Schneier&nbsp;detailed the wild insecurities of the Internet of Things <a href="http://www.wired.com/opinion/2014/01/theres-no-good-way-to-patch-the-internet-of-things-and-thats-a-huge-problem/">in a recent column for <em>Wired</em></a>:</p><blockquote><p>[I]t’s often impossible to patch the software or upgrade the components to the latest version. Often, the complete source code isn’t available. Yes, they’ll have the source code to Linux and any other open-source components. But many of the device drivers and other components are just “binary blobs” — no source code at all. That’s the most pernicious part of the problem: No one can possibly patch code that’s just binary.</p></blockquote><p>Malware isn't the only thing people have to worry about. Knight said hackers could use compromised smart devices to launch distributed denial of service (DDoS) attacks aimed at knocking target Websites offline, mine bitcoins, or store stolen or otherwise illicit data.</p><p>Knight suggests the first step in protecting your gadgets is to change the default passwords. Beyond that, if you don’t need your device connected to the Internet, then don’t connect it.</p><p>“Don’t plug it in if you don’t plan to use it,” he said. 
“If you do put it on the Internet, try and make sure you put it behind your personal router and firewall in your environment.”</p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/R7PHfu44CzQ" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/R7PHfu44CzQ/internet-of-things-security-hacking-malwarehttp://readwrite.com/2014/01/17/internet-of-things-security-hacking-malwareFri, 17 Jan 2014 00:05:00 GMThttp://readwrite.com/2014/01/17/internet-of-things-security-hacking-malware<!-- tml-version="2" --><p></p><figure><img src="http://a5.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAwNjIwMjE5NzA2NjQ5.jpg"></figure><p>In response to a&nbsp;<a href="http://readwrite.com/2014/01/02/snapchat-responds-privacy-concerns-app-update-hack">massive security breach</a>&nbsp;that leaked over four million Snapchat phone numbers, the company&nbsp;on Thursday&nbsp;<a href="http://blog.snapchat.com/post/72768002320/find-friends-improvements">released an update</a>&nbsp;that allows users of its mobile app to opt-out of the Find Friends feature, which links your phone number to your Snapchat username.</p><p>"Our team continues to make improvements to the Snapchat service to prevent future attempts to abuse our API," Snapchat said in a <a href="http://blog.snapchat.com/post/72768002320/find-friends-improvements">blog post</a>. "We are sorry for any problems this issue may have caused you and we really appreciate your patience and support."</p><p>Snapchat was alerted to the potential hack in August <a href="http://readwrite.com/2013/12/26/snapchat-vulnerability">and again in December</a>, but refused to respond to the concerns or update the application to deter potential database breaches. 
After an anonymous hacker published the phone numbers of millions of users earlier this month, Snapchat responded—without an apology—by saying the company would fix the Find Friends feature that was allegedly optional in the first place.&nbsp;</p><p>Snapchat, led by 23-year-old founder Evan Spiegel, <a href="http://www.businessinsider.com/why-snapchat-should-apologize-2014-1">caught some flak</a> for its nonchalant response and lack of apology. <a href="http://blog.snapchat.com/post/72768002320/find-friends-improvements">Thursday's blog post</a> includes the words "we are sorry," but doesn't say the application has taken any further security measures beyond updating the Find Friends feature.&nbsp;</p><p>The company also says it is making improvements to the service to prevent future attempts to abuse its API. It's about time.</p><p><em>Image via Madeleine Weiss for ReadWrite.&nbsp;</em></p>http://feedproxy.google.com/~r/readwriteweb/hack/~3/vuZvtwQf8OE/snapchat-sort-of-apologizes-updates-find-friends-featurehttp://readwrite.com/2014/01/09/snapchat-sort-of-apologizes-updates-find-friends-featureThu, 09 Jan 2014 17:36:00 GMThttp://readwrite.com/2014/01/09/snapchat-sort-of-apologizes-updates-find-friends-feature<!-- tml-version="2" --><p></p><figure><img src="http://a5.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAyNzE2NDMyMTg4MDA2.jpg"></figure><p>Earlier this week, the hacker group&nbsp;<a href="http://readwrite.com/2013/12/26/snapchat-vulnerability">Gibson Security published</a> what it claimed was Snapchat's API, and revealed two security exploits that could allow hackers to scrape phone numbers and personal data from Snapchat. 
Turns out, it appears to be accurate.</p><blockquote tml-render-position="right" tml-render-size="medium"><p><strong>See also: <a href="http://readwrite.com/2013/12/26/snapchat-vulnerability">Snapchat Flaws Allegedly Expose Phone Number, Account Information</a></strong></p></blockquote><p>Snapchat confirmed that the group had posted documentation for its private API and&nbsp;<a href="http://blog.snapchat.com/post/71353347590/finding-friends-with-phone-numbers">responded to the scraping claim</a>&nbsp;this way:</p><blockquote><p>If someone were able upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we’ve implemented various safeguards to make it more difficult to do.</p></blockquote><p>Snapchat's admission was vague, though it suggested that the company isn't terribly concerned about potential privacy violations. The company said it continues to implement countermeasures to limit spam and abuse.</p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/QTzaBklD9H0" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/QTzaBklD9H0/snapchat-gibson-security-personal-datahttp://readwrite.com/2013/12/28/snapchat-gibson-security-personal-dataSat, 28 Dec 2013 01:05:00 GMThttp://readwrite.com/2013/12/28/snapchat-gibson-security-personal-data<!-- tml-version="2" --><p></p><figure><img src="http://a5.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAyNzE2NDMyMTg4MDA2.jpg"></figure><p>If you use Snapchat, your ephemeral photo and video messages aren't the only things that could disappear.</p><p>Gibson Security, a group of anonymous hackers whose website describes members as "poor students with no stable source of income," just <a href="http://gibsonsec.org/snapchat/fulldisclosure/">published what it claims is Snapchat’s API</a>&nbsp;and details two exploits that 
could purportedly allow would-be hackers to access the phone numbers and usernames of millions of Snapchat users. If the revealed code is accurate, it would also let just about anyone build a Snapchat copycat.</p><p>The hackers <a href="http://www.dailydot.com/lifestyle/snapchat-security-names-alias-phone-numbers/">alerted Snapchat to the exploits back in August</a>, but the messaging startup <a href="http://gibsonsec.org/snapchat/">failed to take action</a> on the vulnerabilities. The company reverse-engineered both iOS and Android APIs to discover the security flaws.</p><p>While ReadWrite couldn't confirm the documentation does, in fact, allow people to scrape Snapchat users' phone numbers, the group claims it <a href="http://www.reddit.com/r/netsec/comments/1tmrnz/snapchat_exploits_api_documentation/cea35bg">isn't difficult to find</a> exploitations in the application. If it's true, it could be bad news for Snapchat, an app that has suffered privacy scrutiny in the past.</p><blockquote tml-render-position="right" tml-render-size="medium"><p><em><strong>See Also: <a href="http://readwrite.com/2013/12/27/snapchat-gibson-security-personal-data">Snapchat To Users: Yes, Hackers Can Scrape Your Personal Data</a></strong></em></p></blockquote><p>The “Find_Friends” and “Bulk Registration” exploits allegedly allow a program to generate random phone numbers, and if one matches a Snapchat account, hackers could see usernames and display names of the account, as well as the privacy settings. 
Additionally, malicious coders might be able to use the exploits to create thousands of fake accounts.</p><p>“The use case where an evil party who wishes to stalk someone, the scraping for that could be done on a home computer in an afternoon with enough information," a spokesperson for Gibson Security <a href="http://www.zdnet.com/researchers-publish-snapchat-code-allowing-phone-number-matching-after-exploit-disclosures-ignored-7000024629/">told ZDNet</a>.&nbsp;</p><p>This isn’t the first time Snapchat’s security flaws have been exposed. Earlier this year, a researcher at Decipher Forensics in Utah revealed that snaps <a href="http://www.huffingtonpost.com/2013/05/10/snapchat-photos-dont-delete-saved-on-phone_n_3248567.html">aren’t actually deleted from your phone</a>, just hidden. While they're difficult to access once deleted, they're still stored in the device’s memory.&nbsp;</p><h2>Snapchat Needs To Focus On Security</h2><p>Not only did Gibson Security’s original security notifications go unanswered by Snapchat, but the security research firm told ZDNet that the problem could have been fixed “with ten lines of code.”&nbsp;</p><p>The hackers also noted that Snapchat’s claim that the <a href="http://mashable.com/2013/11/20/snapchat-users-women/">majority of users who use the service are women</a> is false. Based on the documentation, it’s impossible to tell users’ gender.</p><p>So what does this all mean? Essentially, unknown parties could access the personal information you’ve trusted to Snapchat, and can presumably also create fake accounts with random phone numbers. 
Snapchat is notoriously tight-lipped as to how many users are actually on the service, though it does claim <a href="http://readwrite.com/2013/11/20/snapchat-perfect-app-visual-web-privacy-free">400 million messages are received</a> daily.&nbsp;</p><p>If accurate, the newly exposed exploits from Gibson Security suggest that some, possibly even many, Snapchat accounts may well be spammers.&nbsp;We've reached out to Snapchat for comment and will update this post if we receive a response.</p><p><em><strong>Update:&nbsp;</strong>Snapchat responded to Gibson Security's allegations in a blog post on Friday. They <a href="http://readwrite.com/2013/12/27/snapchat-gibson-security-personal-data">confirmed it's possible</a> to scrape users' information.&nbsp;</em></p><p><em>Image via <a href="http://www.flickr.com/photos/ryannagelmann/8334051647/sizes/o/">RyanNagelmann on Flickr</a></em></p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/sr-2eCFM_eY" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/sr-2eCFM_eY/snapchat-vulnerabilityhttp://readwrite.com/2013/12/26/snapchat-vulnerabilityThu, 26 Dec 2013 22:28:00 GMThttp://readwrite.com/2013/12/26/snapchat-vulnerability<!-- tml-version="2" --><p></p><figure><img src="http://a4.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAyNzEyMTM3MTU1MTc0.jpg"></figure><p>A storage system for meme-based cryptocurrency Dogecoin was hacked on Wednesday night. Users began reporting their <a href="http://doges.org/index.php/topic,5283.0.html">Dogewallets had been compromised</a> on the forum doges.org. Millions of Dogecoins were stolen.&nbsp;</p><p>The currency <a href="http://motherboard.vice.com/blog/dogecoins-founders-believe-in-the-power-of-meme-currencies">started off as a joke</a>; the coins were based off the <a href="http://knowyourmeme.com/memes/doge">Shiba Inu meme</a> that became popular on Reddit and 4chan. 
Unfortunately, even joke currencies that have real value can be compromised, and Dogecoin’s hack is a reminder that anything stored online—currency or otherwise—is susceptible to theft.&nbsp;</p><p>Users who were affected will allegedly&nbsp;<a href="http://4x.reddit.com/r/dogecoin/comments/1toz92/dogewallet_explanation/">get their money back</a>. With each coin valued at around $0.00059, only <a href="http://www.theverge.com/2013/12/26/5244604/millions-of-dogecoin-stolen-in-christmas-hack">about $12,000</a> was lost.&nbsp;</p><p><em>Image via <a href="http://www.flickr.com/photos/flyingblogspot/11435188454/sizes/o/">flyingblogspot on Flickr</a>.</em></p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/th3hCN6nkRE" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/th3hCN6nkRE/dogecoin-hacked-millions-of-coins-stolenhttp://readwrite.com/2013/12/26/dogecoin-hacked-millions-of-coins-stolenThu, 26 Dec 2013 16:29:00 GMThttp://readwrite.com/2013/12/26/dogecoin-hacked-millions-of-coins-stolen<!-- tml-version="2" --><p></p><figure><img src="http://a3.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAzODg2MDA1NTk1NDE3.jpg"></figure><p>Several prominent media sites and a few media-related Twitter feeds went down Tuesday following an apparent attack by the Syrian Electronic Army (SEA), <a href="http://170.149.168.130/2013/08/28/business/media/hacking-attack-is-suspected-on-times-web-site.html">the New York Times reported</a>. Among the sites affected were the NYT itself, the Washington Post, the Financial Times, NPR, and Twitter feeds for Reuters, the AP and BBC Weather.</p><p>The Syrian Electronic Army, <a href="http://readwrite.com/2011/06/01/report_on_mideast_pro-gov_hackers_this_week_in_onl#awesm=~ofKTVqhmK5G6VF">a group of hackers</a> that promotes the Assad regime in Syria, is also taking responsibility for taking control of the media sites. 
Contemporaneous data from Internet registrars named the Syrian Electronic Army as the sites' administrator.</p><div tml-external-provider="twitter" tml-external-id="Official_SEA16:372474022358810624"></div><p>The NYT reported that its domain name registrar,&nbsp;<a href="http://www.melbourneit.com.au/about/">Melbourne IT</a>, was hacked as part of the attack.&nbsp;</p><p>“The credentials of a Melbourne IT reseller were used to access a reseller account on Melbourne IT’s systems,” said Tony Smith, general manager of corporate communications for Melbourne IT.&nbsp;</p><p>The DNS records of several domain names on that reseller account were changed including <a href="http://www.nytimes.com">nytimes.com</a>. After they were notified of the hack, Melbourne IT changed the affected DNS records back to the previous values, locked the records from further manipulations and changed the reseller credentials to prevent further modifications. They have yet to confirm the identity of the hacker.</p><p>David Ulevitch, the founder and CEO of <a href="http://www.opendns.com/">OpenDNS</a>, a cloud-delivered Internet security network, said that the SEA appeared to have compromised the registrar's security, thereby gaining the ability to redirect domain names to anywhere they wanted.</p><p></p><figure><img src="http://a4.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzA0MDY2OTMwOTAxNjA2.png"><figcaption>This screenshot was taken around 2:30 p.m. 
Pacific Time and shows the Syrian Electronic Army as the administrators of Twitter.com.</figcaption></figure><p>Melbourne IT is the registrar for many prominent media sites, including Twitter and ShareThis.&nbsp;“ShareThis can be threatening because you can establish code that they could execute that would steal users’ passwords and compromise embedded posts.” Ulevitch said.</p><p>The NYT encouraged employees to stop sending emails when they found out about the suspected hack in an effort to safeguard personal information.</p><p>OpenDNS was already blocking malicious Syrian Electronic Army IP addresses. OpenDNS users that tried to access the sites when they were first attacked would see a notification about malicious software, not because the New York Times was hosting malware, but because the IP address that was associated with the domain at the time was that of the SEA.</p><p>“We have moved to reset Twitter and the New York Times back to their settings even though the rest of the Internet hasn’t caught up yet,” Ulevitch said.&nbsp;NYT CTO Rajiv Pant encouraged readers&nbsp;who are having trouble reaching the site to&nbsp;<a href="https://twitter.com/rajivpant/status/372486637227225088">use OpenDNS for now</a>.</p><p>OpenDNS already boasts over 50 million users, and Ulevitch is anticipating an increase in users as a result of Tuesday’s massive hack.</p><p>This is the latest in the SEA's history of attacking prominent news sites. 
They have compromised the <a href="http://online.wsj.com/article/SB10001424127887323735604578440971574897016.html">Associated Press Twitter account</a>, <a href="http://www.npr.org/blogs/thetwo-way/2013/04/16/177421655/npr-org-hacked-syrian-electronic-army-takes-credit">NPR's website and Twitter accounts</a>, the <a href="http://www.washingtonpost.com/lifestyle/style/syrian-group-hacks-washington-post-web-site/2013/08/15/4e60d952-05bd-11e3-88d6-d5795fab4637_story.html">Washington Post</a>, and <a href="http://www.theatlanticwire.com/national/2013/05/syrian-electronic-army-adds-financial-times-its-social-media-hacks/65361/">The Financial Times</a> in recent months.&nbsp;</p>http://feedproxy.google.com/~r/readwriteweb/hack/~3/uwoPxP3oe8Y/new-york-times-twitter-huffpo-hacked-syrian-electronic-armyhttp://readwrite.com/2013/08/27/new-york-times-twitter-huffpo-hacked-syrian-electronic-armyTue, 27 Aug 2013 22:39:00 GMThttp://readwrite.com/2013/08/27/new-york-times-twitter-huffpo-hacked-syrian-electronic-army<!-- tml-version="2" --><figure><img src="http://a1.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAzNjI0NTQ5MjY0NjY1.jpg"></figure><p>Ready to embrace another arbitrary holiday - or just looking for an excuse to slack off and eat cake? Who isn’t?</p><p>This Saturday, May 25, is internationally known as Geek Pride Day. “But, <a href="http://www.piday.org/">Pi Day</a> and <a href="http://maythe4th.starwars.com/">Star Wars Day</a>&nbsp;already happened,” you might be thinking. 
Which leads me to retort, “Do you want this holiday or not?” In actuality, Geek Pride Day is the only one of the bunch that works overtime as a general celebration of all types of geekery.&nbsp;</p><h2>3 Reasons To Geek Out</h2><p>In fact, there is a trifecta of different reasons May 25 is considered the geekiest day in the year.&nbsp;</p><ol><li>It’s <a href="http://towelday.org/">Towel Day</a>, the day two weeks after Douglas Adams passed in 2001 in which fans celebrate by keeping a towel handy <em>a la</em> <a href="http://www.amazon.com/Hitchhikers-Guide-Galaxy-Douglas-Adams/dp/0345391802">The Hitchhiker’s Guide To The Galaxy</a>.</li><li>It’s the anniversary of the very first Star Wars movie, <em>Episode IV: A New Hope</em>, which was released on May 25, 1977.</li><li>It marks the <a href="http://en.wikipedia.org/wiki/Discworld_(world)#The_Glorious_Twenty-Fifth_of_May">Glorious 25th of May</a>, on which fans of Terry Pratchett’s <em>Discworld</em> books wear lilac and raise awareness of Alzheimer’s, following the author’s 2007 diagnosis.&nbsp;</li></ol><p>Geek Pride Day has been celebrated in dorky masses since 2006, when it originated in Spain as "<a href="http://www.elmundo.es/elmundo/2006/05/26/descodificador/1148596810.html">Día del Orgullo Friki</a>.” (That’s “Day of Geek Pride” in Spanish, natch.) The Internet did the rest, and today it’s an (unofficial) celebration all over the world. Here are a few ways you can commemorate it:</p><h2><strong>Geek Stats</strong></h2><p>For three years running, IT recruitment agency Modis has conducted an annual <a href="http://www.modis.com/it-insights/press-room/survey-downloads/modis-geek-pride-survey-2013-media-deck.pdf">Geek Pride survey</a> in honor of the holiday. More than 1,000 American adults shared their thoughts about all things geek. Some of this year’s findings:</p><ul><li>The majority of Americans (87%) are proud of their geeky hobbies. 
Or, as the survey cringingly puts it, most “don’t sneak their geek.”&nbsp;</li><li>Good news for Google Glass! More than half of respondents (60%) are interested in “wearable tech,” with 56% specifically interested in “smart glasses.”</li><li>You might want to dial it back a bit with the <em>Doctor Who</em> in-jokes. While 74% of self-identified geeks rated themselves “very funny,” only 53% of non-geeks agreed.</li></ul><h2><strong>Learn A New Geek Skill</strong></h2><p>Historically, we’ve used “geek” to refer to people “who are unabashedly interested in learning and will eventually be our bosses.” (And before that it referred to sideshow spectacles, but let’s not get into that.) What better day to encourage your own intellectual curiosity?&nbsp;</p><p>ReadWrite has covered many online programs that can teach anyone — even kids — how to become programmers. But one we didn’t cover, Code School, is offering a free trial specifically in commemoration of Geek Pride Day. Sign up on its <a href="http://www.codeschool.com/free-weekend">celebration page</a> to dabble in Ruby, JavaScript, HTML/CSS or iOS for free over the weekend.&nbsp;</p><h2><strong>Acquire, Collect &amp; Consume Geekiness</strong></h2><p>Where would our economy be without geeks lining up in droves to snag the foil-cover limited-edition 3D-capable Blu-ray copy of <em>The Avengers</em>? Embrace capitalism while ensuring that any date you invite to your apartment will have to stare down your anime figurines first.&nbsp;</p><p>Predictably, ThinkGeek has an annual <a href="http://www.thinkgeek.com/geekpride/">Geek Pride Day promotion</a>. Just like last year, it's shipping out freebies and holding a giveaway. <a href="http://robotmutant.com/celebrate-geek-pride-day-redbubble/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=celebrate-geek-pride-day-redbubble">Redbubble</a> is also kicking off a geeky weekend sale. 
Actually, just Google “<a href="https://www.google.com/search?q=Geek+Pride+Day+Sale&amp;oq=Geek+Pride+Day+Sale&amp;aqs=chrome.0.57j62l3.6341j0&amp;sourceid=chrome&amp;ie=UTF-8">Geek Pride Day Sale</a>” and you’ll find tons of companies hungry to snatch up your nerdy, nerdy money.&nbsp;</p><h2><strong>Meet Up, Geekily</strong></h2><p>Not one, not two, but <a href="http://animecons.com/events/">eleven</a> different science fiction, fandom, gaming and anime conventions take place on the weekend of Geek Pride Day 2013. From San Jose’s <a href="http://www.fanime.com/">FAnime Con</a> to Houston’s <a href="http://www.comicpalooza.com/">Comicpalooza</a> to Toronto’s <a href="http://animenorth.com/live/">Anime North</a>, the convention centers of Northern America are bound to be crawling with fellow geeks.&nbsp;</p><p>It should be easy to find people out and about who are celebrating Geek Pride Day in particular. If Twitter (<a href="https://twitter.com/search/realtime?q=%23GeekPrideDay&amp;src=typd">#GeekPrideDay</a>) and <a href="https://www.facebook.com/pages/Geek-Pride-Day/112614348755335#">Facebook</a> aren't enough, just look for people inexplicably carrying lightsabers, lilacs and towels.&nbsp;</p><p><em>Photo by <a href="http://www.flickr.com/photos/betsyweber/4961703633/">betsyweber</a>.</em></p>http://readwrite.com/2013/05/23/geek-pride-day-celebrate Thu, 23 May 2013 19:54:46 GMT<!-- tml-version="2" --><figure><img src="http://a3.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAzNDcxODA5NTU1NzM3.jpg"></figure><p>Facebook enabled a privacy feature Thursday called <a href="https://www.facebook.com/settings?tab=security&amp;section=trusted_friends&amp;view">Trusted Contacts</a> that allows you to 
select three to five confidants from your friend list to receive the virtual key to your account. If your Facebook is compromised by hackers or you forget your password, these people can supply the codes to get you back in.&nbsp;</p><p>The feature was first announced as <a href="https://www.facebook.com/notes/facebook-security/national-cybersecurity-awareness-month-updates/10150335022240766">'Trusted Friends' in&nbsp;October of&nbsp;2011</a>. "However, we were only testing for the first part of last year [2012], and the feature actually wasn't available for much of 2012," Frederic Wolens of Facebook Policy Communications told ReadWrite in an email. "The bulk of our work was making this more proactive (allowing you to select your friends ahead of time) than reactive (selecting your friends after you couldn't get into your account)," he added.&nbsp;</p><h2>The Joy Of Facebook Hacking</h2><p>While there may be some benefits to this feature,&nbsp;Facebook already has&nbsp;<a href="https://www.facebook.com/note.php?note_id=10150172618258920">two-step authentication</a>, making Trusted Contacts unnecessary&nbsp;in the likely event you can access your email and just use the normal password recovery option.&nbsp;More to the point, Trusted Contacts also pose a big risk. How much can you really trust those Trusted Contacts not to abuse their power?</p><p>Remember, it takes only three of the Trusted Contacts' codes to get into your account. That's good, right?</p><p>Right.</p><p>Unless the friends you choose have an affinity for the art of the Facebook hack.&nbsp;In my college years, when shared computers were often accessible in dorm rooms and campus hangout spots, Facebook hacking wasn't just a prank, it was an art. The rules were simple: If anyone left their account open on any computer that wasn't their own, that person's Facebook account was fair game. 
(Sometimes, even that simple rule was bent by the less honorable.)</p><p>What typically ensued was a chaotic, hilarious and often line-crossing exercise&nbsp;in testing the limits of friendship. The hack quickly transcended crude status updates and moved into true social media sabotage.&nbsp;Facebook hackers would change birthdays, send unwanted friend requests and write&nbsp;embarrassing notes on walls. &nbsp;</p><p>For me, the whole ordeal culminated in a prank where I created a fake profile of my victim, replicated his post history for a week in secret, and then began friending everyone we knew. I mimicked his behavior so well no one figured out it was me for a good day or two. It remains one of my proudest Facebook hacks - and the epitome of my juvenile social media behavior.&nbsp;</p><h2>Breaking In</h2><p></p><figure><img src="http://a3.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAzNDc0NDkzOTgxMjg2.jpg"></figure><p>First off, let's run through how a trio of your Trusted Contacts could access your account without you knowing about it.&nbsp;</p><p>After opening Facebook in a different browser or private browsing mode, a Trusted Friend would &nbsp;click "Forgot your password?" From there, they would identify the victim by name in the Find Your Account field, saying that they no longer have access to the email accounts listed. That lets you put in any email address - and the process moves on without requiring further authentication.</p><p></p><figure><img src="http://a5.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAzNDc2MTA0NDU3NDk3.jpg"></figure><p>By entering in only one of the Trusted Contacts' names — in the event that you're the one doing the hacking, it can be your own name — you can access the code portion of the page. 
With three codes collected by visiting <a href="http://www.facebook.com/recover">Facebook.com/recover</a> and claiming the person has reached you by phone, you're&nbsp;immediately&nbsp;brought to a new password screen where the Trusted Friend can reset the password and gain access to the account.&nbsp;</p><figure><img src="http://a2.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAzNDc5MDU3MjQ3NTEz.jpg"></figure><p>Sounds like it would be a lot of work, and it certainly was when I tried it myself on my own account, but you <em>are</em> essentially handing over the ability for three people, or just one who convinces two others to give them the codes, to change your password without any new authentication required on your end. Granted, you can revoke access to a Trusted Contact, but only from your account. &nbsp;</p><h2>Who Can You Trust?</h2><p>Obviously, the best precaution is to pick people you're confident won't prank you. But there are also certain types of Facebook user who should never get this kind of access.&nbsp;</p><p>For one, don't trust anyone who&nbsp;infrequently&nbsp;uses Facebook or who likes to condemn the social network and those who indulge too much in it. The first sign of a weakness for Facebook hacking is disregard for the damage a "Liking" spree can do, or downplaying the importance of Facebook birthdays. 
These people find it hilarious when dozens of people begin mistakenly wishing you a Happy Birthday.&nbsp;</p><p>Conversely, people who use Facebook<em> too much</em> may be just itching to pull off the perfect Facebook prank - and they'll know the best, most believable&nbsp;ways to impersonate you.</p><p>One smart approach might be to pick two people that dislike each other, making it unlikely that they'll work together to mess with you.&nbsp;</p><p>The simplest solution: Don't use Trusted Contacts.&nbsp;The feature adds a layer of defense against strangers attacking your account, which could be reasonable considering&nbsp;<a href="http://bits.blogs.nytimes.com/2013/04/22/the-year-in-hacking-by-the-numbers/">this year's surge in incidents of malicious hacking</a>.&nbsp;But it also seems like a sly attempt to push the boundaries of Facebook's importance in our lives.&nbsp;</p><p>But by&nbsp;"trusting" your friends enough to give them a key to your digital life, you may be taking an even bigger risk of being pranked, if not actually hacked.</p>http://readwrite.com/2013/05/03/facebooks-new-trusted-contacts-can-you-really-trust-your-friends Fri, 03 May 2013 11:04:00 GMT<!-- tml-version="2" --><figure><img src="http://a1.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAzNDYxODc3Mzc4MzI5.jpg"></figure><p>News broke earlier this week of a <a href="http://arstechnica.com/gaming/2013/05/we-rooted-wii-u-encryption-and-file-system-says-hacker-group/">new hack to Nintendo's Wii U</a> that would allow gamers to play unauthorized (read: pirated) games. Nintendo immediately disputed it. 
But whether it's true or not, the Wii U will most certainly be hacked before long — and that fact tells us a lot about the increasingly tense arms race being waged between console manufacturers and hackers.</p><p>Users have been hacking their consoles — in the sense of writing new games and implementing new functions of their operating systems — since the dawn of gaming. But back when the hardware of your 1970s-era console only slightly resembled the inside of your computer, it was more of a hobby and less of a widespread movement.&nbsp;</p><p>In fact, you can blame game developers, not ordinary users, for modern anti-hacking measures. The Atari 2600, released in 1977, had no software restrictions at all, and neither did competing consoles. This left developers free to create a flood of terrible and low-quality games that overwhelmed consumers and led to the <a href="http://en.wikipedia.org/wiki/North_American_video_game_crash_of_1983">great video game crash of 1983</a> — the industry’s first major recession.&nbsp;</p><h2>Nintendo Clamps Down</h2><p>That changed with the rise of Nintendo, which sought to reverse Atari’s openness in favor of tight control over console technology and a business model that relied on revenue from licenses sold to game developers. Nintendo sought to ensure high-quality games by retaining the sole right to approve them —&nbsp;and by locking out rivals and hackers who might create their own.</p><p>Overnight, the challenge for hackers flipped from exploiting the potential of Atari’s open platform to finding ways to circumvent Nintendo’s lockout chip. It’s a cycle that’s continued to this day. Today, the Internet makes it easier than ever for hackers to collaborate and distribute exploits that allow even average players to bypass the lockdowns on their consoles.</p><p>If the Wii U has indeed been hacked, then it will join the ranks of the PlayStation 3, PlayStation 2, Xbox 360, Xbox, Wii, Nintendo DS, and PSP. 
All of these consoles can be jailbroken like iPhones, ready to run whichever programs their owners choose. That could mean running an operating system like Linux on your Xbox, loading&nbsp;<a href="http://wiibrew.org/wiki/List_of_homebrew_games">homebrew, or original, games</a> on your Wii, or playing pirated copies of commercial games on your PS3.&nbsp;</p><h2>Hackers Rev Up The Arms Race...</h2><p>Obviously I don’t endorse piracy, and even at its most innocuous, console hacking lies in a legal gray area. (The Electronic Frontier Foundation is <a href="https://www.eff.org/sites/default/files/filenode/2012_dmca_exemption_requests_no_appendix.pdf">trying to change that</a>.)</p><p>But it’s hard to imagine that hackers will —&nbsp;or can — be stopped. Locking down consoles seems to do little, if anything, to slow down people intent on hacking anyway. The more restrictions console manufacturers apply, the more it appears to spur hackers into trying to remove them.&nbsp;</p><p>Or just enrage them. For instance, Sony's PlayStation Network — its online game service — was hacked shortly after Sony&nbsp;<a href="http://www.theregister.co.uk/2011/04/26/sony_playstation_network_security_breach/">removed support for Linux on the PS3</a>. Sony’s retroactive cutoff of the one place hackers could play around in the console could easily have incited the attacks in response. Of course, the PSN hack was very different from console “jailbreaks,” not least because it may also have resulted in <a href="http://en.wikipedia.org/wiki/PlayStation_Network_outage">credit-card fraud following the theft of user data</a>.</p><h2>...And So Do Game Companies</h2><p>Yet console manufacturers won't give up, either. Their lockdowns are mostly ineffective against hackers, but they do plenty to make it not worth the average player’s time. 
If there were no lockdown at all, anyone could burn illegal copies of games on CDs to share.</p><p>The big console makers also have an incentive to hold onto all the money they can get. Aside from pirates, consoles face a slew of big challenges, not least among them a robust second-hand game market they would <a href="http://www.statesman.com/news/business/is-the-end-near-for-used-video-games/nXWh3/">dearly love to kill off</a> and a profusion of 99-cent game apps that are frequently just as fun to play as the $60 monsters produced by big game developers.</p><p>Of course, this entire mode of thinking could go out the window when the <a href="http://www.ouya.tv/">Ouya</a> is out this summer. The world’s first “<a href="http://www.slashgear.com/ouya-team-assures-pre-hacked-units-on-request-23239851/">pre-hacked</a>” console is a throwback to the fully open Atari. The very fact that it earned $8 million while still a concept shows a high demand for an open-source system, but time will tell if it inherits the Atari’s woes or finds a way to make it work.</p><p><em>Photo courtesy of Nintendo</em></p>http://readwrite.com/2013/05/02/why-the-wiiu-hack-is-inevitable Thu, 02 May 2013 19:52:00 GMT<!-- tml-version="2" --><figure><img src="http://a5.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAzMzc0OTA0MjkwNTg1.jpg"></figure><p><em>Matt Ammerman is a co-founder and VP of client services for </em><a href="http://apprenda.com/"><em>Apprenda.</em></a></p><p>As an enterprise software developer, I understand where frustrations lie in today's IT organization and different lines of business.</p><p>Here are 10 things developers like me want their CIOs to understand:</p><p><strong>1. 
We're the fastest moving part of the company’s IT organization and we want everyone else to catch up.</strong> Under the right conditions, I can develop applications very quickly. Unfortunately, the wrong conditions slow me down. Having to wait for IT to provision dependencies that I might have drastically diminishes my productivity. IT needs to offer services that streamline their processes and let me work at my pace.</p><p><strong>2. We can work faster and for less money with the right tools. We can leverage small investments to go a long way.</strong> Every developer has a tool belt. I have tools that I prefer to use when developing software. Make an investment in the tools that I use, from text editors to IDEs to platforms and frameworks. I can use these tools to make excellent software that benefits the company.</p><p><strong>3. Coordinating disparate teams within IT to roll out a single app is how I spend most of my time.</strong> I can typically write an application in 4-6 weeks, sometimes quicker. At that point I should be able to deliver the app to the customer. Unfortunately, I end up spending a great deal more time coordinating the rollout of the application by talking to disparate groups responsible for things like security, networking and servers.</p><p><strong>4. Virtualization alone makes IT's life easier, not mine.</strong> The software I write is complex. Making infrastructure easier to deploy does not make it easier to write these complex apps, even if the infrastructure is available on demand. That just makes one part of the job go faster. I prefer to tap into existing systems for complex things instead of trying to become an expert in all of them. Providing those systems is how you can make me more productive.</p><p><strong>5. 
I want to know that I am a part of a single organizational vision for software and services.</strong> Sometimes I feel like I'm working on apps or pieces of apps that are part of a larger project or vision that I don’t know enough about. If I'm working on a new initiative that is strategically important to the company, let me know that. I want to feel like I’m contributing to something big.</p><p><strong>6. Standardization on technologies within our company will make our lives a lot easier.</strong> I have my own way of doing things, and each developer here has their own way. This doesn't bode well for our company's software strategy. If we're not all doing things the same way, lots of things are sub-optimized - from testing, to rollout, to overall code quality. If we standardize on systems, we have expectations that are transferrable between our projects.</p><p><strong>7. We'd rather be building new apps or modernizing older ones than keeping up legacy apps.</strong> I go to user groups and I talk to other developers. They're doing cutting edge things because they have initiatives to build modern apps. For example, I have friends who are building mobile apps. Meanwhile I am maintaining legacy back office software that could be modernized to provide much more value to the company.</p><p><strong>8. Our company should be supporting mobile apps. We can build them, but can IT support them?</strong> Mobile apps have interesting backend requirements, like scalability and distribution. Any developer can build a single app for a mobile device. It becomes far more complex to build connected apps and the backend services that support them. We need systems in house that make this part easier. With that, we can build mobile apps very quickly.</p><p><strong>9. We should run our IT infrastructure the way the best managed service providers in the world do.</strong> Our company has more developers and more end users than many companies that develop software for the public. 
It stands to reason that we would run our datacenters just like, if not better than, the best managed service providers in the world. I should be able to expect this from IT, because I depend on them to host my apps. It should be easier for me to work with our IT than with an external hosting provider.</p><p><strong>10. We could build more reliable software if we had the ability to test constantly in a production-like environment.</strong> My ability to deliver quality software is only as good as my ability to test that software. I need reliable and accessible infrastructure resources so I can test quickly in order to implement solutions. Introducing differences between my testing environments and the production environments makes it more difficult for me to test my software and meet expectations.</p><p><em>Image courtesy of <a href="http://www.shutterstock.com">Shutterstock</a>.</em></p>http://readwrite.com/2013/04/18/ten-things-corporate-developers-are-dying-to-tell-their-cios Thu, 18 Apr 2013 12:05:00 GMT<!-- tml-version="2" --><figure><img src="http://a2.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAzMzQyNjkyMDQxMzE4.jpg"></figure><p><em>Guest author Tyler Jewell is CEO of <a href="https://codenvy.com/">Codenvy</a>, a cloud development environment.</em></p><p>Over the past decade, cloud computing has disrupted nearly every facet of IT. Sales, marketing, finance and support - all of these applications are being reengineered to take advantage of cloud's instant access, no download and pay-as-you-go attributes. 
According to Gartner, the cloud is changing the way applications are designed, tested and deployed, resulting in a significant shift in application development priorities. Cost is a major driver, but so are agility, flexibility and speed to deploy new applications. The firm estimates that <a href="http://www.gartner.com/id=2098416">90% of large enterprises and government agencies will use some aspect of cloud computing</a> by 2015.</p><p>The cloud has also begun to impact the tools and support solutions that drive IT. This includes performance management (<a href="http://www.newrelic.com/">New Relic</a>), backup and recovery (<a href="http://www.mozy.com/">Mozy</a>), configuration management (<a href="http://www.servicenow.com/">Service Now</a>), helpdesk (<a href="http://www.zendesk.com/">Zendesk</a>), datacenter automation (<a href="http://www.puppetlabs.com/">Puppet Labs</a>) and release management. The agility afforded by on-demand services is further penetrating the developer space.</p><p>We've seen cloud versions of middleware in the form of Platform-as-a-Service (PaaS), agile solutions (<a href="http://www.rallydev.com/">Rally Software</a>), Code Versioning Systems (CVS) (<a href="http://www.github.com/">GitHub</a>), continuous integration (<a href="http://www.cloudbees.com/">CloudBees</a>) and system testing (<a href="http://www.soasta.com/">Soasta</a>). The more than 100 companies in these segments have cumulatively raised more than $500 million in capital.</p><p>Yet despite this transformation, there has been little disruption to the <a href="http://en.wikipedia.org/wiki/Integrated_development_environment">integrated development environment (IDE)</a> world. The world's nearly 15 million developers, teams and organizations continue to use <em>desktop</em> IDEs as their workbench of choice. 
Why hasn’t the development environment moved to the cloud along with just about every other application?</p><h2>What's Wrong With Desktop Development?</h2><p>Desktop development environments are becoming outdated, failing more often and causing productivity issues for developers. Here's why:</p><p><strong>Complicated configuration management:</strong> The substantial configuration management process&nbsp;for a developer's workspace turns developers into part-time system administrators, responsible for their own mini-data center running entirely on the desktop. This is time consuming, error prone and challenging to automate.</p><p>Many developers have multiple computers and are forced to repeat these tasks on each machine. There is no way to synchronize the configurations of components across different&nbsp;machines, and each machine requires similar hardware and operating systems to&nbsp;operate the components identically.</p><p><strong>Decreased productivity:</strong> Many IDEs are memory and disk hogs, with significant boot times. They are so resource-hungry they can starve other applications, such as the Web browser. The net effect is a less productive developer due to a slower machine.</p><p><strong>Limited accessibility:</strong> Desktop developer workspaces are not accessible via mobile devices. Developers who need remote access have to resort to complex and slow solutions such as GotoMyPC - if their firewall allows it.</p><p><strong>Poor collaboration:</strong> These days, most developers work as part of a team, so&nbsp;communication and collaboration are critical. But desktop IDEs must outsource collaboration to communication systems outside the developer's workflow, forcing developers to continuously switch between developing within the IDE and communicating with their team via other means.</p><h2>The Solution: Cloud Development</h2><p>To solve these problems requires moving the entire development workspace into the cloud. 
The developer's environment is a combination of the IDE, the local build system, the local runtime (to test and debug the locally edited code), the connections between these components and the their dependencies with tools such as <a href="http://en.wikipedia.org/wiki/Continuous_integration">Continuous Integration</a> or central services such as Web Services, specialized data stores, legacy applications or partner-provided services.</p><p>The cloud-based workspace is centralized, making it easy to share. Developers can invite&nbsp;others into their workspace to co-edit, co-build, or co-debug. Developers can communicate with one another in the workspace itself - changing the entire nature of pair programming, code reviews and classroom teaching. The cloud can offer improvements in system&nbsp;efficiency &amp; density, giving each individual workspace a configurable slice of the available memory and compute resources.</p><p>Of course there is more work to do, and we are far from tapping into the&nbsp;endless possibilities the cloud computing offers developers. 
But the benefits are already clear.</p><p></p><p><em>Image courtesy of <a href="http://www.shutterstock.com">Shutterstock</a>.</em></p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/OaDHfDkbIfw" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/OaDHfDkbIfw/why-cloud-development-environments-are-better-than-desktop-developmenthttp://readwrite.com/2013/04/16/why-cloud-development-environments-are-better-than-desktop-developmentTue, 16 Apr 2013 12:05:00 GMThttp://readwrite.com/2013/04/16/why-cloud-development-environments-are-better-than-desktop-development<!-- tml-version="2" --><figure><img src="http://a2.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAzMjAzOTEwOTEwNTY2.jpg"></figure><p><em>Guest author Jyoti Bansal is the founder of <a href="http://www.appdynamics.com/">AppDynamics</a>.</em></p><p>Long undervalued, Enterprise software businesses are now enjoying their day in the sun. On Wall Street, enterprise is the new sexy – but how did they manage to wrestle the spotlight from the consumers apps everyone was talking about not so long ago?</p><p>A key reason is that savvy enterprise software companies are taking what’s great about consumer software and using it to solve big problems that big companies will pay big money to eliminate.</p><p>The hyper-competitive consumer market forced technology companies to create usable and intuitive products that don’t require weeks of training and costly consultants to operate. The best enterprise companies are realizing they have to measure up to that new bar to succeed.&nbsp;</p><p>But how do notoriously hidebound enterprise software companies do that? These four strategies can help enterprise software companies leverage what consumer software firms have learned the hard way:</p><h2>1. 
Hire A Good UI Architect – Now&nbsp;</h2><p>This might sound obvious, but hiring a top-notch user interface architect should be almost the first thing you do once you hatch a plan for a new enterprise product. Consumer software is built from the top down, which means you’re thinking of how the end user will interact with the software before you even write a line of code. That’s how it </p><p><em>should</em></p><p> be with enterprise software, too. Get a UI architect to help you decide on the architecture and roadmap of your product so that you don’t run into usability obstacles down the road. And keep the UI team involved every step of the way to help keep feature creep from cluttering up your product.</p><h2>2. Hand Out A Free Download&nbsp;</h2><p>People who buy software for enterprises are jaded. They’ve heard a million product pitches, and they’re justifiably skeptical that your product will deliver what you say it will – they’ve been burned before. The best way to convince people that your product can do what you say it does is to *show* them, and to let them find out for themselves. Make a free version of your software available for download from your website. It may cost a little bit in development and support, but it’s worth it for the credibility it delivers.</p><h2>3. Offer A SaaS Option&nbsp;</h2><p>Software-as-a-Service has caught on in the enterprise because it makes it easier and cheaper for people to get started using your product. If you don’t offer a SaaS version, you’re losing business. Period.</p><h2>4. Get Out Of The Way&nbsp;</h2><p>Consultants and professional services reek of old-school software, and they make your customers feel like you’re taking advantage of them. If your product is easy to use (which it should be if you followed Step 1 above), then you shouldn’t need to send consultants out to help your customers set up your software. 
Let people try out your software for themselves without bugging them – if they like what they see, they’ll come ask you for more.</p><p>Not every company can be Apple or Google – but when it comes to enterprise software, it pays to follow their lead. Legacy enterprise software companies that insist on opaque pricing, hard-to-acquire-and-use software and complicated sales cycles are looking a lot like dinosaurs these days. And they’re not even aware that an asteroid is about to hit them.</p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/HEVR8mdA2pM" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/HEVR8mdA2pM/enterprise-software-makeover-4-things-to-borrow-from-consumer-appshttp://readwrite.com/2013/03/28/enterprise-software-makeover-4-things-to-borrow-from-consumer-appsThu, 28 Mar 2013 11:04:00 GMThttp://readwrite.com/2013/03/28/enterprise-software-makeover-4-things-to-borrow-from-consumer-apps<!-- tml-version="2" --><figure><img src="http://a5.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAzMjE4MTM4MDU1Mjcw.jpg"></figure><p>When it comes to user security at Apple, it's one step forward, two steps back.</p><p>Yesterday, the company belatedly announced long-needed&nbsp;<a href="http://readwrite.com/2013/03/21/apple-institutes-two-step-verification">two-step verification security for Apple IDs</a>, only two years after Google rolled out the protective measure for its users. 
Today comes word of a <a href="http://www.theverge.com/2013/3/22/4136242/major-security-hole-allows-apple-id-passwords-reset-with-email-date-of-birth">massive security flaw</a> that reportedly lets anyone reset your Apple account password if they know your email and your birthday.</p><p><strong>(See also: <a href="http://readwrite.com/2013/03/21/apple-institutes-two-step-verification">Apple Finally Gets Serious About User Security</a>)</strong></p><p>But here's the punch line: While two-step verification would protect Apple users from this exploit, the company has subjected all requests to activate the security measure to&nbsp;<em>a three-day delay</em>. Even then, two-step verification is only available to users in&nbsp;the U.S., the UK, Australia, Ireland, and New Zealand.</p><h2>How To Protect Yourself</h2><p>A step-by-step guide to exploiting this vulnerability is still available online, although we won't link to it here. Basically, it involves pasting in a modified URL on Apple's iForgot page when prompted to answer the date-of-birth security question to reset your password.</p><p>The surest way to protect yourself in the short term — i.e., without two-step verification — is to change your birthday, the Verge's Chris Welch writes. To its credit, Apple has already <a href="https://iforgot.apple.com/iForgot/iForgot.html">disabled its password reset page</a>, presumably to disrupt any attempts to hijack user accounts. With any luck it will have the flaw fixed as soon as possible, although the company has yet to make any public statements regarding the flaw.</p><p>This turn of events follows by just days an earlier Apple security faux pas. The company released iOS 6.1.3 for the sole purpose of fixing a lock-screen bypass that let users with a <a href="http://readwrite.com/2013/02/14/why-the-ios-61-bug-is-no-reason-to-worry">knack for expert timing access an iPhone's contacts and photo library</a>. 
Yet later that day it became clear that the update&nbsp;contained yet&nbsp;another&nbsp;<a href="http://www.zdnet.com/apple-ios-6-1-3-fix-contains-another-lock-screen-bypass-flaw-7000012912/">lock-screen bypass flaw</a>.</p><p>This password reset hack is considerably more destructive than the lock-screen problem, which essentially only allows a would-be hacker to peek at a stolen iPhone's contacts and photo library. Still, it's certainly been a bad week for Apple in the user-security department.</p><p>We've contacted Apple and will update if and when we hear back.</p><p><strong>Update:</strong> <a href="http://www.theverge.com/2013/3/22/4137068/apple-confirms-security-threat-working-on-fix">According to the Verge</a>, Apple acknowledges the vulnerability and says it's working on it:</p><blockquote><p>Apple takes customer privacy very seriously. We are aware of this issue, and working on a fix.</p></blockquote><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/NzM_sUJEaLQ" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/NzM_sUJEaLQ/apples-two-step-verification-gaping-security-flawhttp://readwrite.com/2013/03/22/apples-two-step-verification-gaping-security-flawFri, 22 Mar 2013 21:41:00 GMThttp://readwrite.com/2013/03/22/apples-two-step-verification-gaping-security-flaw<!-- tml-version="2" --><figure><img src="http://a3.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAzMDQ0NzI4Njc5NzA1.jpg"></figure><p>In the past few weeks, I have written two stories about the menace the Internet represents, particularly in view of the hacking attacks almost certainly perpetrated by the Chinese Red Army. In particular, my contention that we need to develop a next generation Internet that's more secure and, preferably, walled in, drew a lot of heated commentary.</p><p>Here are just a few of the choicest ones:</p><ul><li>This is unmitigated isolationist idiocy.</li><li>Seriously... 
is this a spoof article?</li><li>This post should not appear in readwriteweb.</li></ul><p><strong>(See <a href="http://readwrite.com/2013/02/05/world-war-iii-is-already-here-and-were-losing">World War III Is Already Here - And We're Losing</a> and <a href="http://readwrite.com/2013/02/21/cyberwar-imperative-we-need-a-next-generation-internet">Cyberwar Imperative: We Need A Next-Generation Internet</a>.)</strong></p><h2>Hacking As Retaliation?</h2><p>That's great, and maybe there really isn't any problem here. But the fact is that about 10 days after the first story ran - I got hacked.</p><p>A coincidence? I think not.</p><p>Or maybe it was my own doing, astutely observed one reader: "I asked for it." Now where have I heard that blame game before?</p><p>So what happened? Someone hacked my email password and sent thousands of spam messages using my account. I knew something was wrong when I suddenly was inundated with "Mail delivery failed" subject lines. My Twitter account was hacked, too, but that could just be Twitter's lax security measures.</p><p>Of course, there's no way to tell if the dirty deed was done by the Chinese, or even whether it was in retaliation for the articles. But the timing certainly seems suspect.</p><p>In his State of the Union address, President Obama ranked hackers and cyber attacks among the greatest economic and national U.S. security threats. The President's response was to issue an executive order calling for more sharing of cyber-attack and threat information between private and public sectors. Naturally, civil libertarians object to this executive order due to potential invasions of privacy.</p><h2>Solution: Fix the Internet Itself</h2><p>A far more practical idea comes from <a href="http://necsi.edu/">New England Complex Systems Institute</a>, which is set to publish a report next week that agrees with my stated principles. 
The NECSI report blames the problem on the Internet itself, and says that the only solution is to redesign it.</p><p>"The current design of the Internet is inherently insecure," says NECSI President and co-author Yaneer Bar-Yam in a press release. "Any node can be attacked from any other node, requiring the entire network to be fortified against all possible attacks, an unrealistic goal," adds Bar-Yam.</p><p>That would require redesigning the Internet's architecture itself. The report proposes substantial changes to routers in charge of switching data packets between network nodes.</p><p>"Collective security-preventing attacks would require that the routers of the Internet themselves would need to have protocols that allow refusal of transmission based upon content or extrinsic information such as point of origin," according to the study's authors.</p><p>The study, <a href="http://www.necsi.edu/research/military/cyber/">Principles of Security: Human, Cyber and Biological</a>, was developed at the request of a long-term military planning group, the Strategic Studies Group, which reports to the Chief of Naval Operations. 
The report is being released for the first time to the public next week.</p><p>As for me, I'm glad to see that other people are thinking about realistic solutions to make our Internet less vulnerable to attacks of all kinds.<br tml-linebreak="true"><br tml-linebreak="true"><em>Image of alleged Chinese hackers compound courtesy of Reuters.</em></p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/BTxGIanv14Y" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/BTxGIanv14Y/hacked-did-the-chinese-get-their-revengehttp://readwrite.com/2013/02/28/hacked-did-the-chinese-get-their-revengeThu, 28 Feb 2013 18:33:00 GMThttp://readwrite.com/2013/02/28/hacked-did-the-chinese-get-their-revenge<!-- tml-version="2" --><figure><img src="http://a3.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAzMDEzMDUzMjk1ODk3.png"></figure><p>Microsoft ended the week with a pair of black eyes: a failure to secure a security certificate brought its Azure cloud service tumbling down, and the company also confessed to being the latest corporate victim of a high-profile hacking attempt.</p><p>The Azure failure also affected Microsoft's Xbox game, Halo 4, Microsoft <a href="https://twitter.com/HaloWaypoint/status/305170808358174721">confirmed</a>.</p><p>The highest-profile incident may have had the least effect: "a small number" of Microsoft PCs were penetrated by an unknown intruder. No user data was compromised, Microsoft <a href="http://blogs.technet.com/b/msrc/archive/2013/02/22/recent-cyberattacks.aspx">said in a blog post</a>.&nbsp;</p><p>"Consistent with our security response practices, we chose not to make a statement during the initial information gathering process," Matt Thomlinson, general manager of Microsoft's Trustworthy Computing Security unit, wrote. 
"During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing."</p><p>The attacks were consistent with other efforts to penetrate <a href="http://www.reuters.com/article/2013/02/19/us-apple-hackers-idUSBRE91I10920130219">computers within Apple</a> and Facebook, Microsoft said. <a href="http://readwrite.com/2013/02/15/and-facebook-was-hacked-too">Facebook discovered its attack</a>&nbsp;last week, which followed attacks on the <em>Wall Street Journal</em> and <em>The New York Times</em>&nbsp;via an unpatched exploit within Java, exploited, experts believe, by the <a href="http://readwrite.com/2013/02/21/cyberwar-imperative-we-need-a-next-generation-internet">Chinese military</a>.</p><p>Separately, <a href="http://readwrite.com/2013/02/22/zendesk-hack-compromises-user-data-of-twitter-tumblr-pinterest">ZenDesk reported Friday that it, too, was hacked</a>, exposing emails that clients Tumblr, Twitter and Pinterest used to communicate with it for service-related requests.&nbsp;</p><h2>Lack Of SSL Certificate Brings Azure Down</h2><p>At press time Friday night, Microsoft still had not implemented a fix for the Azure issue, caused by a failure to obtain a new SSL certificate. That brought its Azure storage services down across all of its worldwide regions, as well as services that were dependent upon them.</p><p>At 9:30 PM UTC (4:30 PM ET), Microsoft discovered that "HTTPS operations (SSL transactions) on Storage accounts worldwide are impacted," the company said. By 9:45 PM UTC, the management portal, WindowsAzure.com, and the service bus, plus the websites that Azure serves, were also down. By 10:15 PM, the company had begun validating steps to repair the problem, but hadn't formally announced a fix. 
After users began circulating screenshots of what appeared to be an expired SSL certificate, the company acknowledged its error.</p><p>"Windows Azure Storage has been affected by an expired certificate," a spokesman said in an emailed statement. "We are working to complete the restoration as quickly as possible. We apologize for any inconvenience this has caused our customers. For more information please go to <a href="http://www.windowsazure.com/en-us/support/service-dashboard/">http://www.windowsazure.com/en-us/support/service-dashboard/</a>."&nbsp;Microsoft also apologized to customers via Twitter.</p><p>Microsoft also reported problems with its Compute services, preventing users from creating new virtual machines. That left users who needed to create those virtual machines to host new apps scratching their heads. "Most of our apps are screwed up now!" pinvoke.in, one commenter, <a href="http://social.msdn.microsoft.com/Forums/en-US/windowsazuredata/thread/751c85c5-b3b5-43ba-9d5b-770472ad79e1">complained</a>. "WHATS NEXT? All compute instances die because someone at the data center switched them off?"</p><p>Unfortunately for Microsoft, this sort of thing has happened before. At the end of February 2012, Microsoft failed to account for the leap day at the end of the month, Feb. 29. As a result, the Azure service was down for more than 12 hours before Microsoft could issue a fix. Microsoft hasn't said whether or not the recent outage was a result of an oversight, or a more serious technical error.</p><p>Oddly enough, Netflix began <a href="https://twitter.com/Netflixhelps/status/305103157942435842">reporting problems</a>&nbsp;of its own on Friday night, leading to the intriguing possibility that two cloud services may have been failing at the same time. 
But although Netflix has gone down before when Amazon's AWS service failed, <a href="http://status.aws.amazon.com/">Amazon's own AWS service dashboard</a> didn't indicate any problems.</p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/fZbqs7pQRcU" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/fZbqs7pQRcU/microsofts-rotten-friday-hack-revealed-as-azure-halo-go-downhttp://readwrite.com/2013/02/23/microsofts-rotten-friday-hack-revealed-as-azure-halo-go-downSat, 23 Feb 2013 07:48:15 GMThttp://readwrite.com/2013/02/23/microsofts-rotten-friday-hack-revealed-as-azure-halo-go-down<!-- tml-version="2" --><figure><img src="http://a4.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAzMDA5Mjk1MjcwNTAy.jpg"></figure><p>What better way to celebrate the week hackers ran rampant than with another security breach? Zendesk, a company that offers IT support tools and customer service software, announced on Thursday that it had been hacked. In a blog post,&nbsp;<a href="http://www.zendesk.com/blog/weve-been-hacked">CEO Mikkel Svane</a> stated, "We've become aware that a hacker accessed our system this week," though he did not say by which method or for how long.</p><p>What separates this attack from the <a href="http://readwrite.com/2013/02/19/apple-falls-victim-to-same-hackers-that-attacked-facebook">malicious malware that infected machines at Facebook and Apple</a> is that these hackers managed to compromise a healthy amount of Zendesk's stored user data, putting users of three of the company's big clients - Twitter, Tumblr and Pinterest - at risk for phishing and other attacks.</p><p>"Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system," wrote Svane, adding, "We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines."</p><p>Svane did not 
specifically cite Tumblr, Twitter and Pinterest, but support emails sent out from the companies informing users of the attack confirm that user data could have been compromised indirectly. While usernames and passwords were not compromised, the threat of&nbsp;individualized&nbsp;attacks aimed at gaining access to accounts and stealing personal information does exist.</p><p>Tumblr, for example, sent out emails stating the following:&nbsp;<a href="http://www.digitaltrends.com/social-media/zendesk-security-breach/"><br tml-linebreak="true"></a></p><p>"The subject lines of your emails to Tumblr Support may have included the address of your blog which could potentially allow your blog to be unwillingly associated with your email address."</p><p>It went on to advise users to review any emails received from support, abuse, dmca, legal, enquiries or lawenforcement with a @tumblr.com tagged on the end. The fear is that hackers, equipped with people's email addresses and the issues they raised with specific departments at a service like Tumblr, could then phish users with a masked version of that same address.</p><p>Tumblr's support email ended with a warning along those very lines: "Tumblr will never ask you for your password by email. Emails are easy to fake, and you should be suspicious of unexpected emails you receive."</p><p>While it's not exactly comforting to know that you should be suspicious of any and all "unexpected emails," companies like Twitter are taking measures to ensure that the tools are in place to help flag these attacks if they do occur.</p><p><a href="http://blog.twitter.com/2013/02/introducing-dmarc-for-twittercom-emails.html">In a public announcement yesterday</a>, Twitter said that it has been utilizing <a href="http://www.dmarc.org/">DMARC</a>&nbsp;authentication technology to help lessen the risk of users giving away personal information. 
Using established authentication protocols, DMARC gives email providers a way to block email from forged domains. "While this protocol is young, it has already gained a significant traction in the email community with all four major email providers - AOL, Gmail, Hotmail/Outlook, and Yahoo! Mail - already on board…" the post reads.</p><p>While it's good to know that Twitter is addressing the hacker threat alongside its fellow social network giants, all these measures are merely reactionary moves following widespread breaches. The Zendesk hack makes it abundantly clear that we need more proactive security measures that include third parties to keep these attacks from wreaking havoc. Until then, the hackers will keep succeeding, and users will pay the price.&nbsp;</p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/mnm24iQt7Xo" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/mnm24iQt7Xo/zendesk-hack-compromises-user-data-of-twitter-tumblr-pinteresthttp://readwrite.com/2013/02/22/zendesk-hack-compromises-user-data-of-twitter-tumblr-pinterestFri, 22 Feb 2013 19:00:44 GMThttp://readwrite.com/2013/02/22/zendesk-hack-compromises-user-data-of-twitter-tumblr-pinterest<!-- tml-version="2" --><figure><img src="http://a5.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAyOTU4MDI0MDMyODcw.jpg"></figure><p><em>Guest author Bart Copeland is CEO of </em><a href="http://www.activestate.com/"><em>ActiveState</em></a><em>.</em></p><p>Jetpacks, flying cars, hybrid cloud. Which one will be ubiquitous in two years? Here’s a hint: It’s the one that <em>doesn’t</em> involve personal air travel.</p><p>In two years, the cloud-computing-enabled enterprise will have the enviable luxury to take much for granted, including accelerated time to market, seamless deployment, true polyglot coding and agile-as-you-want development.</p><p>And the technology that will enable that bright future? 
Here’s another hint: It starts with “private PaaS” or private Platform-as-a-Service. Think of private PaaS as cloud middleware for the enterprise — Platform-as-a-Service technology for on-premise service delivery behind a firewall, or an operating system for an enterprise private cloud.</p><p>Here are six ways private PaaS will change the enterprise cloud space by 2015:</p><p><strong>1. Mobile apps will drive enterprise cloud and private PaaS adoption.</strong></p><p>Two years from now, the biggest driver for cloud adoption won’t be traditional applications, it’ll be mobile apps. Disparate workforces already make Bring Your Own Device (BYOD) a cost of doing business for the enterprise: More types of enterprise work will require more types of mobile applications. And that will burden IT leaders mandated with managing the cloud. To retain control (and sanity), those IT leaders will embrace private PaaS technologies to provide integrated application management of mobile (and Web and cloud) applications.</p><p><strong>2. Private clouds will dominate the enterprise market for now… but hybrids will win in the end.</strong></p><p>Marketers spin idealized tales of cross-cloud hybrid love, with capacity-enabling bursts to the public cloud, easy multi-datacenter application administration, better security management, and redundancy/failover operational models abstracted from the developers and employees doing the actual work. It’s a great, achievable vision. But for most enterprises, that hybrid cloud vision is still two years away. Which is why they’re investing in private PaaS architectures now. Today’s enterprise cloud adopters see private cloud — and in particular, private PaaS technology — as the path to tomorrow’s hybrid cloud glory.</p><p><strong>3. 
Smaller "public PaaS" players will dwindle as Infrastructure-as-a-Service (IaaS) subsumes PaaS.</strong></p><p>To differentiate themselves against commoditization, IaaS service providers will continue to incorporate PaaS technology into their infrastructure service offerings. Service breadth will expand, prices will fall and small business will embrace the low-cost public cloud. But those competitive pricing scenarios will challenge small standalone public PaaS providers as VC funds dry up and competitors either partner with or get absorbed into larger cloud-services corporations.</p><p><strong>4. 2013 PaaS purchase criterion: deployment acceleration. 2015 PaaS purchase criteria: administrative control, true polyglot development, easy extensibility to Big Data.</strong></p><p>In the PaaS world, 2013 will be the year of rapid application deployment: Enterprise private PaaS adopters will see their cloud application deployment cycles reduced from weeks or months to just minutes. In two years, cloud adopters will take that speed-to-market for granted. As a result, enterprise cloud adopters will evaluate private PaaS technology not just for how it accelerates workflow, but for how it impacts the bottom line. In 2015, private PaaS technologies will offer even easier administrative control, support for development in any language, seamless integration to corporate applications (particularly big-data databases), and hybrid cloud capabilities.</p><p><strong>5. Beyond polyglot, "anyglot" development will move apps forward in ways we can’t yet imagine.</strong></p><p>In today’s cloud technology market, enterprise developers must often choose between their preferred development language and the development language dictated by their IaaS/PaaS solution. When infrastructure services (whether public or private) mandate development environment, it’s the coders who suffer, and they’re the ones who must adapt to the new world order. 
In some cases, that can mean learning new languages and recoding (or even dumping) legacy applications. But two years from now, we’ll look back on inconveniences like that and laugh. Envision truly polyglot cloud middleware. Applications developed in multiple languages. True cloud application portability. Both developers and cloud managers (DevOps) collaborating. Dogs and cats living together in harmony. Really.</p><p><strong>6. Agile development will be so agile we’ll need a new name for it (“SuperAgile?”).</strong></p><p>Tomorrow’s agility will make today’s agility look laughably slow. In 2015, we’ll enjoy polyglot application development and dynamic deployment. With those capabilities will come newfound agility… not just accelerated nimbleness for cat-herders, but flexibility: Developers can work in the (fast) way that’s right for them. More apps, better apps, delivered to market faster.</p><p>The future looks… um, bright.</p><p></p><p><em>Image courtesy of <a href="http://www.shutterstock.com">Shutterstock</a>.</em></p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/hI_xoij5WXQ" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/hI_xoij5WXQ/platform-as-a-service-6-ways-paas-will-change-the-enterprisehttp://readwrite.com/2013/02/18/platform-as-a-service-6-ways-paas-will-change-the-enterpriseMon, 18 Feb 2013 18:00:00 GMThttp://readwrite.com/2013/02/18/platform-as-a-service-6-ways-paas-will-change-the-enterprise<!-- tml-version="2" --><figure><img src="http://a1.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAyOTYzNjYxMTc3NDQ2.jpg"></figure><p>Seems you can't turn around without hearing of another big company having its shirt pulled over its head by hackers. 
The <em>New York Times</em>&nbsp;and&nbsp;the <em>Wall Street Journal</em> both got <a href="http://www.cnn.com/2013/01/31/tech/china-nyt-hacking">exploited by Chinese hackers</a> recently, and a Michigan television station put out a <a href="http://www.wilx.com/news/headlines/Hackers-Send-Out-Zombie-Alert-from-TV-Stations-in-Michigan-190955151.html">zombie-related Emergency Alert message</a> in a clever, though probably momentarily distressing, hack. Just this morning, UBM announced that its website <a href="http://www.enterpriseefficiency.com/">enterpriseefficiency.com</a> was taken down due to a full-scale&nbsp;denial-of-service attack on its networks.</p><p>And now Facebook has announced that some of its machines were infected.&nbsp;<a href="http://newsroom.fb.com/News/573/Protecting-People-On-Facebook">An announcement on the company's Newsroom blog</a>&nbsp;–&nbsp;posted in the bad-news graveyard of Friday afternoon leading into a long weekend&nbsp;–&nbsp;revealed that the social networking site was targeted by a "sophisticated attack" last month.</p><p>When a handful of Facebook employees visited a compromised mobile developer website, a hosted exploit snuck malware onto their devices. Thanks to antivirus software, Facebook discovered the attack and "remediated" the machines – which we can only hope means <a href="http://www.youtube.com/watch?v=PywI0BOxJpI">they were fantastically destroyed</a> (though probably they were just wiped and restored).</p><p>After alerting law enforcement, Facebook says it launched a "significant investigation" that's still underway. The company also claims that no user data was compromised in the attack. 
Facebook offered&nbsp;<a href="http://www.facebook.com/notes/facebook-security/protecting-people-on-facebook/10151249208250766">a more detailed explanation</a>&nbsp;on its security blog, excerpted below:&nbsp;</p><blockquote><p>After analyzing the compromised website where the attack originated, we found it was using a "zero-day" (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.</p><p>Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well. As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected. We plan to continue collaborating on this incident through an informal working group and other means.</p></blockquote><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/QDnNVzyaOsY" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/QDnNVzyaOsY/and-facebook-was-hacked-toohttp://readwrite.com/2013/02/15/and-facebook-was-hacked-tooFri, 15 Feb 2013 23:30:00 GMThttp://readwrite.com/2013/02/15/and-facebook-was-hacked-too<!-- tml-version="2" --><figure><img src="http://a5.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAyOTQ3Mjg2NjgwMTY2.jpg"></figure><p>For all the wonder and convenience of the post-PC era, there's one big disadvantage worth griping about: As we move toward tablets and smartphones, our devices are getting harder to open up and fix ourselves.</p><p>It's not just Apple products, either. 
Sure, Cupertino's wares have been so notoriously hard to fix for so long that a <a href="http://readwrite.com/2012/08/16/how-a-bogus-apple-rumor-hoodwinked-online-news-outlets">bogus news story about Apple developing a new asymmetric screw</a> spread like wildfire last year before people figured out it was fake. As it turns out, though, <em>most</em> tablets and smartphones are relatively hard to fix ourselves. The <a href="http://www.ifixit.com/Teardown/iPad+4+Teardown/11462/1">iPad is pretty bad</a>, for example, but the new Microsoft Surface Pro is even worse.&nbsp;</p><p>In a recent <a href="http://www.ifixit.com/Teardown/Microsoft+Surface+Pro+Teardown/12842/3">teardown by iFixIt</a>, the Surface Pro scored a measly 1 point out of 10 on the site's fixability scale. That's a point lower than the fourth generation iPad and iPad Mini (which were tied at a still-pathetic 2 points).</p><p>The Surface Pro has more than 90 tiny screws inside it. Yes, <em>90 screws</em>. On top of that, many components are glued together using adhesive that makes it difficult for do-it-yourself tinkerers to take the device apart and swap out parts.&nbsp;</p><p>Thankfully, Microsoft does let you (very carefully) remove the battery, which is not soldered into place. But try removing the LCD screen or solid state drive and you're likely to ruin your brand new tablet/ultrabook hybrid.&nbsp;</p><p>The Kindle Fire HD, Nexus 7 and iPhone 5 are all considerably easier to open up and tinker with. But at 7 points apiece, these devices still aren't as consumer friendly as PCs used to be. It would appear that we're trading our freedom to update, expand and repair our devices for convenience, sleek design and unwieldy gobs of adhesive.</p><p>(Of course, it's not just tablets and smartphones. 
<a href="http://readwrite.com/2012/08/10/apples-war-on-tinkerers-continues-with-the-retina-macbook-pro">Apple's newest laptop got some very low marks</a> from iFixIt, which called the retina MacBook Pro "the least repairable laptop yet.")</p><h2>A Crappy Deal For Consumers</h2><p>These new devices might be slick and trendy, but this trade-off sucks for consumers. Since repairs and hardware upgrades (insofar as they're even possible) are harder to complete at home, fixing a shattered screen, replacing a component or troubleshooting hardware problems requires consumers to pay some high-priced technician or replace the device altogether.&nbsp;</p><p>There's an obvious strategic incentive here. Companies like Apple depend on consumers upgrading their devices every year or two in order to keep their sales flowing. Why risk fixing my iPhone myself when I can trade up to a shinier, faster new iPhone 5?</p><p>For Microsoft, Apple, Samsung, and other hardware manufacturers, The Age Of Unrepairable Machines is a good thing. For everybody else, it's kind of a bummer.&nbsp;</p><p><em>Lead image from iFixIt.</em></p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/O1Mch60THOU" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/O1Mch60THOU/microsoft-surface-pro-is-even-harder-to-fix-than-an-ipadhttp://readwrite.com/2013/02/14/microsoft-surface-pro-is-even-harder-to-fix-than-an-ipadThu, 14 Feb 2013 11:00:00 GMThttp://readwrite.com/2013/02/14/microsoft-surface-pro-is-even-harder-to-fix-than-an-ipad<!-- tml-version="2" --><figure><img src="http://a1.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzI0Mjk2NzYzNzMxMjI1.jpg"></figure><p>Major regulation is pending that could change the future of the mobile ecosystem and the way mobile apps are made, played and paid for. And it's not all good.</p><h2>The Problem With App Rights</h2><p>Two weeks ago, <a href="http://hankjohnson.house.gov/">Rep. 
Hank Johnson</a> (D-GA) released the <a href="http://apprights-hankjohnson.house.gov/2013/01/apps-act.shtml">APPS Rights Act</a>, a bill pushing developers to implement self-regulatory practices that would improve the security and transparency of user data in mobile apps. "This bill would require that app developers maintain privacy policies, obtain consent from consumers before collecting data, and securely maintain the data that they collect," Johnson's office <a href="http://apprights-hankjohnson.house.gov/2013/01/summary-of-key-provisions-in-the-apps-act.shtml">writes online</a>.</p><p>There's no question that changes are needed. Mobile users must be able to make sure their information isn't transmitted and sold to third-party vendors. But like similar regulatory efforts, including the recent <a href="http://www.ftc.gov/opa/2013/02/mobileprivacy.shtm">do-not-track mobile privacy guidelines</a> laid out by the <a href="http://www.nytimes.com/2013/02/02/technology/ftc-suggests-do-not-track-feature-for-mobile-software-and-apps.html?_r=0">Federal Trade Commission</a> last Friday, and last month's <a href="http://readwrite.com/2013/01/10/californias-new-mobile-app-privacy-guidelines-go-beyond-the-law">recommendations to the mobile industry</a> from California Attorney General Kamala Harris, there are both good and bad aspects to the specific approach taken by the APPS Rights Act. And unfortunately, there's plenty of bad.</p><p>One problem with these guides is that they are penned by people outside of the industry — often in the dark about the best ways to reach their laudable goals. Harris' recommendation and the FTC's suggestions comprised a slew of <em>unenforceable</em> recommendations. The APPS bill, meanwhile, would become a <em>mandate</em> if adopted. 
Such a mandate is likely to lead to unintended consequences for the mobile marketplace.</p><p></p><h2>Developers Are Worried</h2><p>Security expert&nbsp;<a href="http://dankaminsky.com/">Dan Kaminsky</a>&nbsp;says&nbsp;the slow, muddled, legislative process can create frameworks bearing "no resemblance to the problems that need to be solved." Kaminsky thinks this could lead to applications having to show users exactly what they're doing in a hardware add-on, akin to web cams having a light that goes on, ensuring people are aware of exactly what they're doing.</p><p>"What I fear is you won't be able to write code without having to consult a lawyer," he says. And if that happens, Kaminsky adds, developers are likely to move away from making mobile apps and return to building websites.&nbsp;</p><p>Beyond subjecting users to long, complex terms-of-use agreements, the bill doesn't do a good job of specifying what happens to collected data beyond the third parties, says Joe Santilli, the chief executive of the mobile app certification service <a href="http://safeappmobility.com/">SafeApp</a>. This gray area is known as data retention.&nbsp;</p><p>"It really doesn't make any provisions whatsoever for how third parties are going to share the data with so-called fourth or fifth parties," Santilli explains. "For example, a marketing partner of an ad network. These people are going to share the data that they cull from these apps... to fourth and fifth parties."</p><p>No one knows the length of time personal data will be stored, the rights of users and the process by which they exercise their rights when dealing with third and fourth parties. The APPS bill's withdrawal of consent form is a weak attempt at stemming the data flow. The Opt Out of App Use function requires developers to delete all data if a user opts out. 
But that doesn't address the issue of fourth and fifth parties that may already have the data in question:</p><p>"By the time the app developer has seen this request from the user, this data has already been shared by the third party (to) the marketing partners, the ad networks, the ad analytics partners," Santilli says. "At this point you can't really put the genie back in the bottle, can you?"</p><p>At the same time, having to meet these requirements could kill the drive of young entrepreneurs, says developer <a href="http://www.osurv.com/#team">Jad Meouchy</a>.&nbsp;"This act will end up creating a barrier for new startups... by doubling development time and creating data management headaches," he predicts. "When you're an indie developer, there are simply not enough resources to address this kind of compliance."</p><h2>Real-World Example</h2><p>Benjamin Goering, the technical product manager at <a href="http://superbowl.livefyre.com/">Livefyre Labs</a>, manages more than 10 million comment threads and personal user accounts for customers. When those customers upgrade from freemium accounts to enterprise versions, they want their user data and accounts migrated. But if those people have not authorized that data to be shared, Livefyre can't make the transition for them.</p><p>But rather than stifle innovation, Goering worries that users won't take the rules seriously if they don't work.&nbsp;"It may be completely ignored if it's out of touch," Goering said. "If it's well legislated, it may be useful to have a framework for safe harbor" where developers can be confident they won't get sued.</p><p>His team faced that issue when working on a Super Bowl product that aggregates tweets and Instagram photos. This raises the question of whether or not users know shared content is ripe for the plucking. 
Livefyre bet that users know their shared content may be re-used, and&nbsp;decided not to worry about legal red tape.&nbsp;</p><p>Goering warns that if developers have to wait for lawmakers to resolve everything, "it would be impossible to make week-long projects."</p><p>"The nature of the Web is you're requesting a document and receiving it - at some level data is being taken," he says. "Where do you draw that line?"</p><p></p><p><em>Photo courtesy of </em><a href="http://www.shutterstock.com/"><em>Shutterstock</em></a></p>http://readwrite.com/2013/02/04/why-legislating-app-rights-is-not-a-good-idea Mon, 04 Feb 2013 14:30:00 GMT<!-- tml-version="2" --><figure><img src="http://a5.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMjk0ODM3MzE0NjgzNDk0.jpg"></figure><p><a href="http://www.crashlytics.com/">Crashlytics</a>, the Boston-based crash reporting solution for iOS apps, is moving on up - from independent startup to the newest wrench in Twitter's tool box. The announcement was made Monday on <a href="http://www.crashlytics.com/blog/crashlytics-is-joining-forces-with-twitter/">Crashlytics' blog</a> and quickly circulated the Web.&nbsp;&nbsp;</p><div tml-external-provider="twitter" tml-external-id="spencerchen:296026814491549696"></div><h2>Was This A Man-quisition?</h2><p>The service, <a href="http://readwrite.com/2011/11/08/crashalytics-knows-why-your-io">which debuted in late 2011</a>, has quickly become known as a useful tool for app developers looking for a streamlined method to find the root cause of product bugs.&nbsp;Terms of the deal were not disclosed, but it could represent a major payday for co-founders Jeff Seibert and Wayne Chang. 
It's not yet clear if Twitter is interested in the Crashlytics product line, or just its engineering talent in an acquihire.</p><p>"With us, developers gain instant visibility into the precise line of code that caused a crash, enabling them to more easily fix issues," Seibert and Chang wrote in their announcement Monday. "Since our iOS launch, we’ve had the privilege of working with thousands of incredible app developers, from those building independent passion-projects to many of the top iOS apps available today – Twitter, Vine, Yelp, Kayak, TaskRabbit, and Waze."</p><h2>Now What?</h2><p>Coming on the heels of the <a href="http://readwrite.com/2013/01/24/twitter-vine">Vine acquisition</a>, it's likely that this will be the newest addition to the Twitter family continuing to operate as a third-party service, post-purchase.</p><p>In their post,&nbsp;Seibert and Chang wrote "much will remain the same.&nbsp;Development of Crashlytics will continue unabated and we remain dedicated to working with all of our customers – current and new, big and small – to deliver the key app performance insights they need."</p><p>So why did Twitter make the deal? "It seems like a strategy to grow the mobile team," says Jad Meouchy, a mobile app developer in Los Angeles, and co-founder of <a href="http://www.osurv.com/">Osurv</a>, a custom mobile survey app. "It looks like a straight talent acquisition." 
&nbsp;But&nbsp;Meouchy also calls Crashlytics a strong and mature mobile additive that gives Twitter "the people they need to start making their own mobile apps."</p><p>Spencer Chen, the senior director of business development at <a href="http://www.appcelerator.com">Appcelerator</a>&nbsp;agrees that this is a strategic move by Twitter to expand their offerings.&nbsp;</p><p>"I believe Twitter is going to take the extension of their service onto mobile and devices very seriously by coming out with their version of a mobile SDK (software development kit), which will include key features that every developer wants, crash test reporting via Crashlytics," he said.&nbsp;"Right now Twitter pushes everything out via their APIs, which is all backend services. If they had a real mobile SDK, then they can really optimize development productivity and mobile performance by having certain capabilities into the third mobile (and) device apps itself."</p><p>With Vine, Twitter's planted its flag in the ground to announce its plans to conquer mobile social video. Could Monday's Crashlytics move be the beginning of a new era for Twitter mobile app development? 
And a tool to help address problems with Vine?</p><p>We'll know soon enough.</p><p></p><p><em>Photo courtesy of Twitter.</em></p>http://readwrite.com/2013/01/29/crashlytics-twitter-purchases-the-ios-app-crash-reporter Tue, 29 Jan 2013 02:34:00 GMT<!-- tml-version="2" --><figure><img src="http://a5.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMjk0Njg5NDA2ODA3MzIx.jpg"></figure><p>When Microsoft gave its first public preview of Windows 8 in 2011, the now-President of Windows <a href="http://readwrite.com/2012/11/12/windows-boss-sinofsky-out-at-microsoft">Julie Larson-Green</a> sent shockwaves through the Windows development world with just four words: "our new development platform." The reason? That platform was based on HTML5 and Javascript.</p><p>To casual observers, that makes sense. <a href="http://readwrite.com/2012/12/26/5-trends-in-html5-in-2012">HTML5</a> is roaring to the forefront of development <a href="http://readwrite.com/2012/08/21/html5-ready-for-prime-time-dont-believe-the-hype-cycle">far faster than industry predictions</a>. We even saw some <a href="http://readwrite.com/2012/06/06/finally-a-cross-platform-html5-game">commercial proof of the platform's "Write Once, Run Anywhere" promise</a> in 2012. To seasoned Windows developers, though – particularly those building enterprise apps in dedicated Microsoft shops – it crushed their world. 
After spending decades learning to use different languages and development environments – most recently Microsoft's proprietary but feature-rich <a href="http://msdn.microsoft.com/en-us/library/aa970268.aspx">WPF</a> and <a href="http://readwrite.com/2010/11/01/html5">Silverlight</a> – the thought of jumping ship for HTML5 was devastating.</p><p>Microsoft has backpedaled in a number of forums since then, assuring developers that while HTML5 is the new standard for cross-platform apps, other tools will continue to work for Windows-only development. But the writing is on the wall. HTML5 is the future, so if you develop enterprise Windows applications, should you bite the bullet and make the move?</p><figure><img src="http://a1.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyMzAyNzUxMDYwMjk2Mjk0.jpg"></figure><h2>Will HTML5 Save Enterprises Money?</h2><p>The cost argument will rage for some time. One camp holds that HTML / Javascript developers are cheap and plentiful, so HTML5 is necessarily cheaper. The other side believes that instability of the HTML5 spec (only&nbsp;<a href="http://www.w3.org/2012/12/html5-cr">recently finalized</a> and not scheduled for Recommendation status until 2014) compared to the more mature development environments available for "traditional" Windows development means developers can build complex applications faster, without worrying about tweaking things down the road.</p><p>The CTO of one small software vendor saw value in both views: "For our simpler apps, I can hire kids with good Javascript skills and let them learn the Windows specifics on the job. For really complex applications with tens of thousands of lines of code or more, It would be dumb to break what already works." He added that his more experienced Windows developers are mentoring the generally younger HTML developers to cross-pollinate&nbsp;knowledge. 
"Ultimately, each tool will have a use, for at least the next several years, and I want all of my devs to be able to pick the one that makes sense."</p><h2>"Serious Coders" vs. "Script Kiddies"</h2><p>His biggest problem so far is a reluctance to embrace change. "I have a couple 28-year-olds who act like grumpy old men, afraid that the 'script kiddies' without any real computer science knowledge are moving in on their turf. To them, HTML5 cheapens the application, dumbs down their resumes, and opens the door to a whole lot of bad coding from people who know how to make Web pages, but don't have any formal experience with structured coding."</p><p>The last point is probably the most valid. Knowing HTML and some Javascript isn't a particularly high bar, so enterprises need to be diligent about hiring and mentoring. If you pull developers off of Craigslist for $15 an hour, you're not going to get quality enterprise work. Even well-established Web developers coming from a <a href="http://en.wikipedia.org/wiki/LAMP_(software_bundle)">LAMP</a> background may not have the right experience. A mentoring program using <a href="http://en.wikipedia.org/wiki/Agile_software_development">Agile</a> or another pair-programming methodology can be a great way to ease Web developers into a more formal programming environment.</p><h2>What Do Developers Want?</h2><p>One long-time C++ and (more recently) C# developer wasn't excited about the rise of HTML5: "Eh. I get what they're doing. It's all about the portability of UI. They've been on that path for a long time, but whatever. The thing is, developers don't want to learn a new markup when Microsoft has already forced them to learn one recently. WPF / Silverlight is crap, but so was Winforms. If they'd skipped WPF, they'd probably have more success trying to get people to shift to HTML5... I'll go where the money is, though."</p><p>That last point is telling. Developers will follow the work; they really don't have a choice. 
And it won't be long before everyone is doing at least some work in HTML5. For smart enterprises, beginning to mix in some of that work now makes sense, but there aren't yet good reasons for a complete shift.</p>http://readwrite.com/2013/01/07/will-windows-8-bring-html5-to-enterprise-applications Mon, 07 Jan 2013 14:00:00 GMT<!-- tml-version="2" --><figure><img src="http://a1.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM0MDg5MDEyODQ5OTQ1.jpg"></figure><p>Last September, shortly after the attacks on the U.S. diplomatic compound in Benghazi, a company tweeted me that they were going to make our site, <a href="http://www.smallbizdaily.com/">SmallBizDaily.com</a>, their “small business resource of the day.” My joy was short-lived when the next morning they tweeted that my site had been hacked.</p><p>I quickly checked (it was still early morning on the West Coast, where we’re located) and sure enough, instead of the usual array of small-business content I was greeted by an unfamiliar image of a Middle Eastern-looking man, Arabic lettering and a video about the glories of Allah. I blinked, gulped more caffeine and reloaded the page. No luck — the image was still there. “We’ve been hacked,” I muttered, still not believing what I was seeing.</p><h2>Weeks Of Agony - Months Of Work</h2><p>Then followed two weeks of agony and struggle as our Web-hosting company worked to deal with the situation, while also helping their many other small-business clients who had been hacked as well.</p><p>It seems someone had placed malicious code on our site that lay dormant for months -- and only popped up that morning. 
“It was like cancer,” recalls my business partner, who dealt with the situation. “To make sure [the code] was really gone, we had to clean out all of the files we had loaded since the initial hack.”</p><p>Months of work was wiped out — and every time we thought it was fixed, the hack popped up again. I was repeatedly embarrassed; it seemed every time I would tell someone (including the company that originally told me about the hack) the site was fine, within minutes the hack would reappear. We then had to delete and reload more files, more times than I care to remember.</p><h2>We Were Lucky!</h2><p>Believe it or not, my company was one of the lucky ones. David Maman, founder and CTO of database security company <a href="http://www.greensql.com/">GreenSQL</a>, said our hack was the “old-fashioned” kind.</p><p>“Five or 10 years ago, the purpose of hacking was defacement,” explained Maman, an international expert in computer security who has founded seven tech companies. “It was very obvious when you were hacked — a friend would call and say ‘Hey, what’s going on with your website?’ Today, with a successful <a href="http://en.wikipedia.org/wiki/SQL_injection">SQL injection</a> hack, there will be no sign that someone has retrieved your entire database.”</p><p>How can you be hacked without knowing it? 
If it can happen to <a href="http://readwrite.com/2011/04/26/no_timeframe_for_playstation_network_return_after_hack">Sony</a> and <a href="http://abcnews.go.com/US/linkedin-hacked-64-million-user-passwords-reportedly-leaked/story?id=16508728#.ULgOc4Urf9R">LinkedIn</a>, he said, it can certainly happen to your small business.</p><h2>Tech Startups Especially Vulnerable</h2><p>Ironically, tech startups — with their low budgets, long hours and cocky techies coding day and night on their personal laptops and mobile devices — may actually be more vulnerable to hacks than less tech-oriented businesses.</p><p>Changes in the nature of business have affected how hackers operate, said Maman. “Everything is about online today, and almost every [business] is providing some type of online service or app. As a result, the line between internal and external data is blurred, and all of your information is exposed.”</p><p>You might think you have nothing to worry about if you aren’t selling products or collecting card data online. Think again, says Maman, who explains that most hack attacks today are completely automated. “They don’t even know who you are — they just check websites for vulnerabilities, and if they find them, they will attack.”</p><p>In fact, ecommerce companies or other businesses that collect customer credit and payment data may be <em>less</em> at risk of hacking because they must be <a href="https://www.pcisecuritystandards.org/">PCI (Payment Card Industry) compliant</a>. “These regulations are actually beneficial,” said Maman.</p><p>What if, like so many small business owners, you simply provide a free app or service? 
All you’re collecting from customers is their registration information, which could be as simple as their name and email — so what do you care if it’s compromised?</p><p>“Data is the new currency,” he warned — and that includes any type of data, not just financial information.</p><p>Maman explained that hackers may manipulate customer data to inject malicious code that serves up competitors’ information instead of your own, penetrates the customer’s computer, or worse.</p><p>“It’s not about losing information — which may not be worth that much — but about harming your customers, hurting your brand and destroying your reputation.”</p><p>If a customer’s computer gets infected after using your service, are they likely to return? Worst of all, you won’t even know your business has been hacked until it slowly withers and dies as customers fade away.</p><h2>What To Do If It Happens To You?</h2><p>“If in the past it was a big taboo to let customers know that you’ve been hacked, today it’s not,” he said, citing LinkedIn as an example. “Letting your customers know won’t hurt you — it will show that you’re being responsible.”</p><p>Ask them to change their passwords on your site and on any other sites where they use the same password. Apologize; then explain what measures you will take to make sure the hack won’t happen again.</p><h2>Beef Up Your Defense</h2><p>Those measures should include three key steps:</p><p><strong>1. Secure your coding.</strong> “Most of the basic attacks, and even some of the more advanced ones, are due to unprofessional coding,” said Maman. “There’s a lot of information online about how to secure coding.” Educate yourself and take the steps.</p><p><strong>2. Harden your computers</strong> at the operating-system level, applications level, server level, network-access level and even the individual customer level. Hardening essentially means eliminating unnecessary software, restricting access and otherwise blocking everything that is not essential. 
“Hardening documentation can be found online,” he said.</p><p><strong>3. Use free and open-source software.</strong> Security doesn’t have to cost a lot for a small business. “<a href="http://www.modsecurity.org/">ModSecurity</a> is a free, open-source Web application firewall,” said Maman. “<a href="http://www.greensql.com/content/greensql-express">GreenSQL Express</a> is our free database firewall.”</p><p>Most of all, pay attention to security. Without the money for a dedicated IT security staffer, your team needs to be even more responsible than big-company employees about what’s running on their devices.</p><p>Don't worry; security doesn't have to be a business killer.</p><p>“People think of IT security as a hassle, a lot of work and a waste of time,” he said. “That’s not the case. Just one day’s work can increase your security level 100%.”</p><p></p><p><em>Image courtesy of <a href="Http://www.shutterstock.com">Shutterstock</a>.</em></p>http://readwrite.com/2012/11/30/it-happened-to-me-my-small-business-website-got-hacked Fri, 30 Nov 2012 13:00:00 GMT<!-- tml-version="2" --><figure><img src="http://a4.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM0MjQ0MTY4NDEyNDQx.png"></figure><p>The world has just gotten a cool new free virtual museum, the one that Google built. 
&nbsp;</p><p>Aptly named <a href="http://www.google.com/culturalinstitute/#!home">Google’s Cultural Institute</a>, the Internet-based multimedia site showcases first-hand testimonials, photographs, artifacts and manuscripts that until last <a href="http://googleblog.blogspot.com/2012/10/bringing-history-to-life.html">Wednesday</a>, you had to take a plane trip or at least pay an admission fee to see.</p><h2>A Museum Milestone</h2><p>The Museum of Polish History <a href="http://www.brecorder.com/it-a-computers/206/1248048/">called</a> the Cultural Institute “a real revolution.” Avner Shalev of <a href="http://www.yadvashem.org/">Yad Vashem</a> - also a Cultural Institute partner - <a href="http://www.google.com/culturalinstitute/about/">said</a> of the project, “it might be seen as one of the major milestones in modern history.” &nbsp;Not only is Google’s Cultural Institute providing public access to documents otherwise previously unavailable for mass consumption, the project is “taking away the notion of physical custody of archival material” noted Razia Saleh of the <a href="http://www.nelsonmandela.org/">Nelson Mandela Centre of Memory</a> in a <a href="http://www.google.com/culturalinstitute/about/">mini-doc</a> about the project. Building on the success of Google’s <a href="http://www.googleartproject.com/collections/">Art Project</a> launched in February of 2011 in conjunction with now over 150 museums, Google partnered with 17 additional foundations and museums to launch 42 free digital exhibits as part of the Cultural Institute.</p><h2>Not A Light-Hearted Experience</h2><p>The 42 exhibits are a solid foundation and focus on World War II, the Holocaust and South African politics. Light-hearted or uplifting fare is few and far between. 
Google’s Mark Yoshitake has acknowledged the project will expand in the future though.</p><p>The exhibits themselves are displayed on a horizontal timeline, with navigation predominantly left and right arrows on both sides of the screen (you scroll across as opposed to scrolling down). This orientation makes sense when thinking about how exhibits are displayed in the real world, and Google has done a good job with its darker color scheme in keeping the site beautiful but solemn.</p><h2>My Personal Thoughts</h2><p>Eager to experience this revolutionary and game-changing web project, I spent a couple of hours perusing the site’s offerings. It wasn’t a life-altering experience, but I could immediately see its usefulness, especially if I was researching a moment in history covered by one of the digital exhibits.&nbsp;</p><p><a href="http://www.google.com/culturalinstitute/#!asset-viewer:l.id=_AGIZJzwGuKeNQ">Personal items</a> that you would only see in a museum were also included in the exhibits, including photographs of Frank’s infamous diary in <a href="http://www.google.com/culturalinstitute/#!exhibit:exhibitId=wQi4lSIy">the Anne Frank exhibit</a>, and pictures of locks of hair in the <a href="http://www.google.com/culturalinstitute/#!exhibit:exhibitId=gRatYvcU">Tragic Love at Auschwitz</a> exhibit. These items were diligently added by curators trying to create in-depth stories about their subjects - and I certainly appreciated them.&nbsp;But I couldn’t help but feel their impact on me was cheapened when viewed through the Internet as opposed to me seeing it in person.</p><p>In a good museum, getting lost can be half the fun. Google’s Cultural Institute isn’t built yet for this type of free-form exploration, though I was able to achieve a bit of that same sense of discovery by browsing through the photo collections of LIFE and Getty Images, a search that was surprisingly clunky for a Google product. 
While browsing, I found this <a href="http://www.google.com/culturalinstitute/#!asset-viewer:l.id=ZgHF1dX96ZohTQ">1985 photo of former Libyan leader Gaddafi</a> and a whole section of photos about the <a href="http://www.google.com/culturalinstitute/#!browse:q.8129907598665562501=1000&amp;q.%2Ftime%2Fevent=%2Fm%2F01w1sx%2C%2Fm%2F01zd7d&amp;q.openId=%2Ftime%2Fevent">1956 Hungarian Revolution</a>. As a refugee from a former Soviet Union-occupied country, I was disappointed by the lack of cohesive exhibits about the USSR (or Hungary), but the vast photo collections might one day be organized like the previously mentioned 42 exhibits. (Some additional treats I found: <a href="http://www.google.com/culturalinstitute/#!asset-viewer:l.id=1AGVZ_dOt_w2TA">this photo</a> of a gay couple walking by graffiti on the Berlin wall, <a href="http://www.google.com/culturalinstitute/#!asset-viewer:l.id=3wFjit8Jca9xLw">Boris Yeltsin making a fist</a> while a portrait of Lenin looks on, and an&nbsp;<a href="http://www.google.com/culturalinstitute/#!asset-viewer:l.id=JQEHuzcBzaxZCQ">anti-NATO communist propaganda poster from 1981</a>.)</p><p>Would I visit the Cultural Institute again? Definitely. But it in no way replaced the experience of an actual museum. If anything, it made me appreciate my local (and physical) institutions a bit more.</p><p></p>http://readwrite.com/2012/10/18/the-virtual-museum-that-google-built Thu, 18 Oct 2012 12:30:00 GMT<!-- tml-version="2" --><figure><img src="http://a3.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM2MjM0MDgwNDUzMjIy.jpg"></figure><p>When the Web was still text links and tables, Adobe Flash brought us rollovers, interactive games and kitten videos. 
But a hard stand by Apple was the beginning of the end for the groundbreaking technology, and guess what? We'll be OK without it.</p><h2>The Backstory</h2><p>The early years of the Web were pretty barren, multimedia-wise. Browser inconsistencies, bandwidth disparities, perpetually evolving standards and the cowboy coding needed to hack everything together made interactivity beyond text forms a mess.</p><p>Quality online multimedia experiences were a joke. To fill the holes, ambitious developers released a slew of plug-in applications users could install to augment their experience. Some of these were specific enhancements, like allowing a browser to display a new image format, while others were entirely new environments that ran inside a browser. Over time, the best plug-ins tended to work their way into the browsers or updated HTML specifications, while lesser ones died on the vine as they became irrelevant.</p><p>The biggest exception to this rule was Macromedia Flash, a graphics and animation client plugin with its own design environment. Flash, which began as a Mac and Windows application called FutureSplash Animator, made it simple for designers to bring shrinkwrap-quality, graphically rich interactive media to Web users for the first time.</p><p>Over the next decade, Flash's powerful, simple authoring environment attracted legions of developers and designers and its user base exploded. Ad agencies and ambitious businesses jumped on the additional interactivity it added to vanilla HTML, and by 2000, Flash was unavoidable, showing up in interactive ads, pop-up menus and online video players. In some cases, it even replaced entire websites. Adobe's 2005 purchase of Macromedia further consolidated the design tool industry and gave Flash even more support.</p><p>While pop-ups and online games were the most noticeable example of the platform's dominance, Flash started creeping into traditional business applications, as well. 
The broad developer base and cross-platform appeal gave rise to Rich Internet Applications (RIA) like <a href="http://www.balsamiq.com/products/mockups">Balsamiq Mockups</a>, a prototyping tool of which I'm both a fan and a paid user. RIAs require installation of a client framework (in Adobe's case, the Adobe Integrated Runtime environment), but developers can push out a single application in a very short time that runs on any compatible client, which is also a big plus for mobile workers.</p><h2>The Problem</h2><p>In a word: Apple.</p><p> Flash's problems run deeper than any one competitor, but Apple brought down the house. When Apple released the iPhone and iPad without support for Flash, it ended a long history of cooperation between the two companies (Apple actually owned a fifth of Adobe early on) and called into question the validity of Flash's cross-platform claims. Sure, Android supported Flash, as did Windows, Linux and Apple's own Mac OS, but iOS was a glaring hole.</p><figure><img src="http://a2.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM2MjM2MjI3OTM2ODcw.jpg"></figure><p>There were a host of other problems with Flash, from <a href="http://www.itpro.co.uk/643459/us-government-calls-for-adobe-flash-player-upgrades">serious security flaws</a> to performance problems (many of which Steve Jobs called out in his now-famous <a href="http://www.apple.com/hotnews/thoughts-on-flash/">2010 post</a>), but in the end, the lack of an iOS client spelled the doom of mobile Flash.</p><p>With iOS off the table, Adobe <a href="http://www.readwriteweb.com/mobile/2012/08/adobe-flash-on-android-rip.php">ceded the Android market</a>, as well. That leaves mobile developers with the task of developing redundant native apps or – as Apple and others have long recommended – apps built in HTML 5.</p><p>And there's the issue. By giving up the mobile Web, Adobe has effectively abandoned the rest of the Web, too. 
Why bother writing a desktop-based browser app in Flash when you can just reuse (or at least tweak and repurpose) the code you've written for mobile platforms? It took 10 years longer than usual, but Apple's refusal to support Flash exposed a truth. Technology has caught up, and we no longer need Adobe's plugin–or at least we're close. Microsoft <a href="http://www.theverge.com/2012/5/23/3039451/windows-8-adobe-flash-support-internet-explorer-10-metro-browser">announced a limited role for Flash</a> in Windows 8's Metro browser. It's an acknowledgement that we're not quite Flash-free yet, but the writing is on the wall.</p><p></p><figure><img src="http://a5.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM2MjM3ODM4NTQ0MTUz.png"></figure><h2>The Prognosis</h2><p>With tablets and smartphones outselling PCs, the mobile Web <em>is</em> the Web, so Flash isn't an option. Developers can bridge UI differences between devices (e.g., designing for both mouse-driven and touchscreen interfaces) within HTML 5, so Flash in the browser will all but disappear.</p><h2>Can This Technology Be Saved?</h2><p>Flash will never return to the prominence it once had, but it will linger on the desktop for as long as there are skilled developers willing to do the work. Adobe offers solid tools that appeal to a lot of non-traditional developers, and the development environment could continue to serve those users as they build apps for other platforms. 
However, compared to the juggernaut of an ecosystem Flash used to be, that's a niche market, so Adobe could easily decide to bow out or sell off the product.</p><p></p><h2>Previous Technology Deathwatches</h2><p><strong><a href="http://www.readwriteweb.com/enterprise/2012/10/readwriteweb-deathwatch-in-house-datacenters.php">In-House Datacenters</a>:</strong> No change</p><p><strong><a href="http://www.readwriteweb.com/mobile/2012/10/readwriteweb-deathwatch-point-and-shoot-cameras.php">Point-and-Shoot Cameras</a>:</strong> No change</p><p><strong><a href="http://www.readwriteweb.com/archives/readwriteweb-deathwatch-video-game-consoles.php">Video Game Consoles</a>:</strong> The utility of bundled apps like Netflix and Vudu seems to be slipping. An&nbsp;<a href="https://www.npd.com/wps/portal/npd/us/news/press-releases/tvs-overtake-pcs-as-the-primary-screen-for-home-viewing-of-online-video/">NPD Study</a> showed that one in five consumers who view streaming video on their TVs do so without a peripheral device.</p><p><strong><a href="http://www.readwriteweb.com/archives/readwriteweb-deathwatch-blu-ray.php">Blu-Ray</a>:</strong> The same NPD study reveals that “online video is maturing” as users migrate to watching streaming media on their TVs.</p><p><strong><a href="http://www.readwriteweb.com/enterprise/2012/09/readwriteweb-technology-deathwatch-qr-codes.php">QR Codes</a>:</strong> It's been a mixed bag. 
While Bank of America is <a href="http://news.cnet.com/8301-1035_3-57521614-94/bank-of-america-tests-qr-code-mobile-payment-service/">testing QR codes for mobile payments</a> (good news for the technology), a security researcher demonstrated how a malicious QR code <a href="http://www.redorbit.com/news/technology/1112700927/samsung-smartphone-nfc-qr-code-hack-092512/">could be used to wipe a Samsung smartphone</a>.</p><h2>Company Deathwatches</h2><p>For an update on our baker's dozen of company Deathwatches, check out our updated&nbsp;<a href="http://www.readwriteweb.com/archives/readwriteweb-deathwatch-update-the-unlucky-13.php">ReadWriteWeb DeathWatch Update: The Unlucky 13</a>.</p><p></p><p><em>Steve Jobs image by&nbsp;<a href="http://en.wikipedia.org/wiki/User:Matt_Yohe">Matthew Yohe</a>.</em></p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/ICqhcveGxoA" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/ICqhcveGxoA/readwriteweb-deathwatch-flashhttp://readwrite.com/2012/10/16/readwriteweb-deathwatch-flashTue, 16 Oct 2012 11:30:00 GMThttp://readwrite.com/2012/10/16/readwriteweb-deathwatch-flash<!-- tml-version="2" --><p></p><div tml-external-provider="vimeo" tml-external-id="45966677"></div><p>Your next suitcase might follow close at your heels as you make your way through the airport. Tell Roomba to clear out space in the closet.</p><p>Built by a member of CargoCollective's creative online community, Hop (think: bellhop) uses three built-in sensors that communicate via Bluetooth with your cellphone. Hop! follows your phone at a set distance with the aid of two simple caterpillar tracks built into the bottom. &nbsp;</p><p>Should Hop get separated from you (or the signal become too weak to receive), the suitcase will lock itself and alert your phone. 
It’s not clear how you would find the suitcase after it has alerted you to being lost - this is a prototype and the <a href="http://cargocollective.com/ideactionary/hop">webpage</a> is sparse - but some sort of GPS tracking device is probably in order. &nbsp;</p><p></p><figure><img src="http://a4.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM0NjM2MDg0MTc4MjAx.jpg"></figure><p>Hop doesn’t shake, beep and unpack itself yet, but its creator has big dreams, calling it the “next generation of luggage.” &nbsp;</p><p>“If a suitcase can move by itself, besides facilitating the lives of a large number of travellers, families, disabled people, [it] could also spare all the elements that moves externally the baggage (conveyor belts, carts),” writes the unnamed creator on the <a href="http://cargocollective.com/ideactionary/hop">official Hop website</a>.</p><p>Multiple Hops can also be programmed to follow one another - a nifty feature for family-friendly travel.</p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/B1FFMwWbLnc" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/B1FFMwWbLnc/meet-hop-the-robot-suitcase-your-new-travel-companionhttp://readwrite.com/2012/10/10/meet-hop-the-robot-suitcase-your-new-travel-companionWed, 10 Oct 2012 19:45:00 GMThttp://readwrite.com/2012/10/10/meet-hop-the-robot-suitcase-your-new-travel-companion<!-- tml-version="2" --><figure><img src="http://a4.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM1MTIxNjgzOTgzNjQx.png"></figure><p>Just as many companies won't hire the unemployed, new research suggests workers may tend to avoid jobs that have been open too long. A look at high-growth areas like Silicon Valley reveals some big disconnects between the expectations of tech job employers and job seekers - leaving many positions open and many professionals unemployed.&nbsp;</p><p>Finding a tech job these days should be as easy as shooting fish in a barrel, right? 
Not since the dot.com boom of the late 1990s have so many companies sprouted up with a mission to create software and provide online services to the masses. Heck, even jobs in general seem to be making a comeback. The U.S. Labor Department's national numbers on <a href="http://www.bls.gov/news.release/empsit.toc.htm">unemployment claims dropped to 7.8%</a> from 8.1% last week.</p><p>That optimism might be overheated, however. Information technology-related jobs (IT jobs) saw <em>reductions</em> of 1,700 workers last month, according to <a href="http://www.cio.com/article/718260/IT_Job_Numbers_Decline_for_First_Time_in_25_Months">research released this week from Foote Partners Research Group</a>. That's the first monthly drop in IT industry jobs that was not labor related since 2010. Compared to earlier this year, unemployment for IT workers mostly befell Web developers, network architects, computer systems analysts and software developers, according to the Bureau of Labor Statistics.</p><h2>Not Time To Panic For Tech Workers</h2><p>While not cause for full-scale panic, the decrease hints at a broader industry problem: Employers can't find enough qualified employees even as job seekers can't find qualified openings.</p><p>In a perfect world, every manager fills open positions as quickly as possible. But even as many workers can't find appropriate positions, the market for technology professionals in certain geographies and skill-sets is remarkably tight.</p><p>Some 45% of surveyed hiring managers and recruiters told <a href="http://www.dice.com/">Dice.com</a> it was taking longer to fill positions relative to last year (June 2012 compared to June 2011). The number one reason, according to Alice Hill, managing director of Dice.com: an inability to find qualified professionals. 
That was followed by hiring managers being more discerning, waiting for the perfect match.</p><p>The problem is that waiting for the ideal candidate may mean job postings remain open for longer than some job seekers are comfortable with. The longer a job is open, the less likely it will get filled, according to Randstad Technologies, a technology recruiter based in the U.K.</p><h2>Does A Job Posting Have A Shelf Life?</h2><p>To test its theory that employers should not keep job postings open indefinitely, Randstad contracted a survey of 2,001 people asking, "How many working days does a vacancy for a permanent job have to be open before it starts to look like a bad job that no one wants?"</p><p>Technology professionals in the U.K. said they thought a post that was vacant an average of 67 days was most likely a job that no one wants. The survey did not indicate what kinds of employers had postings that lasted that long, nor what kinds of jobs could not be filled in more than two months' time. Typically, online job posting websites like Dice.com, CareerBuilder.com and SimplyHired.com keep each posting for only a month. Most fill up in two weeks' time, according to Dice.com's Hill.</p><p>Just as important, there could be many reasons why it’s taking longer to fill a particular position, and not necessarily because it’s a “bad” job.</p><p>"There are instances where consulting or staffing companies are constantly in need of certain professionals," Hill says. "The job may appear to be the same, but it’s really a unique role with similar qualifications and experience needed."</p><h2>Testing The Theory In Silicon Valley</h2><p>Does this theory really hold true - especially in the hyper-competitive market of Silicon Valley? To find out, we took a look at job listings for tech positions listed on four well-known job-search sites for Cupertino, Calif., the home of Apple.</p><p>It seems that some employers <em>do</em> have a hard time filling software developer jobs. 
A simple search turned up the following un-filled positions posted for more than a month:</p><p><strong>Dice.com</strong></p><ul><li><a href="http://seeker.dice.com/jobsearch/servlet/JobSearch?op=302&amp;dockey=xml/f/5/f59b89f5c8093afeb4f200f6b0d39352@endecaindex&amp;source=19&amp;FREE_TEXT=%22software+developer%22&amp;rating=99">Software Developer &amp; Report Writer</a> - posted September 5</li><li><a href="http://seeker.dice.com/jobsearch/servlet/JobSearch?op=302&amp;dockey=xml/3/b/3b62d2fcfc2561aa16fea7896ee4e5db@endecaindex&amp;source=19&amp;FREE_TEXT=%22software+developer%22&amp;rating=99">.Net Software Developer</a> - posted September 7</li></ul><p><strong>Careerbuilder.com</strong></p><ul><li><a href="http://www.careerbuilder.com/JobSeeker/Jobs/JobDetails.aspx?APath=2.21.0.0.0&amp;job_did=J3H25Z6YPM5S8Q8MRHG&amp;IPath=ILKGM1VZ06">CloudSystem Software Engineer - VI</a> for a high-profile company in Palo Alto - posted 3 weeks ago</li><li><a href="http://www.careerbuilder.com/JobSeeker/Jobs/JobDetails.aspx?APath=2.21.0.0.0&amp;job_did=JHT2Y56LQQP5KFZLNCG&amp;IPath=ILKGM1WZ06">Software Developer</a> at a lesser-known company - posted 3 weeks ago</li></ul><p><strong>Simply Hired</strong></p><ul><li><a href="http://www.simplyhired.com/a/job-details/view/cparm-cF9pZD0xMDAyJnpvbmU9NiZpcD03NS4zNi4xMzAuMTY2JmNvdW50PTEwJnN0YW1wPTIwMTItMTAtMDUgMTM6NDQ6NTkmcHVibGlzaGVyX2NoYW5uZWxfaWRzPTYmYV9pZD0xODQ4NyZjX2lkPTg1NDkmY3BjPTAuMjgmcG9zPTEmaGFzaD1hZmNlMGZkOTVhYWE1ZGVhMWRhYzliYzVhODRmNWRiNg%3D%3D%3Bd7009ac17bb7858138b1138b9ea12de1/jobkey-7dbdecf54c4f6c297333ac2f7fda562730ca984d/rid-nbettgyduisvzoqamwaneqhrtslhizqt/pub_id-1002/cjp-0">Sr. 
Software Dev Engineer Wireless</a> at a high profile company in Seattle - posted 29 days ago</li><li><a href="http://www.simplyhired.com/a/job-details/view/cparm-cF9pZD0xMDAyJnpvbmU9NiZpcD03NS4zNi4xMzAuMTY2JmNvdW50PTEwJnN0YW1wPTIwMTItMTAtMDUgMTM6NDQ6NTkmcHVibGlzaGVyX2NoYW5uZWxfaWRzPTYmYV9pZD0xODQ4NyZjX2lkPTg1NDkmY3BjPTAuMjgmcG9zPTImaGFzaD1hZmNlMGZkOTVhYWE1ZGVhMWRhYzliYzVhODRmNWRiNg%3D%3D%3B68670251aa2b12b2808a9f057812fd3a/jobkey-25daaefed6c5d6b52f74bd07ac2102dae1436/rid-nbettgyduisvzoqamwaneqhrtslhizqt/pub_id-1002/cjp-1">Software Development Engineer in Test Framework</a> at a high-profile company in Seattle - posted 17 days ago</li></ul><p><strong>Craigslist</strong></p><ul><li><a href="http://sfbay.craigslist.org/sby/sof/3258344964.html">SW. Developer - Music Apps</a> at an unknown company - posted September 8</li><li><a href="http://sfbay.craigslist.org/sby/sof/3256709464.html">Senior C/C++ Software Developer</a> at an unknown company - posted September 7</li></ul><h2>Job Postings Are Like Real Estate Listings</h2><p>"Recruiting for a tech post is like trying to sell your house. Leave it on the market too long and, for whatever reason, people start to think there is something wrong with it," said Mike Beresford, managing director of Randstad. "That leads to fewer applications and increased pressures on the rest of the staff left trying to cover the empty position."</p><p>While IT jobs continue to be in high demand, the nature of employees and those looking for work in tech remains a dance between employers looking for skilled workers and skilled workers looking for better opportunities.</p><p>It may seem that in this economy, just posting an open position should be enough to get it filled. 
But as the research shows, it's also important to manage expectations - and to refresh job listings left up too long - if we want to get those positions filled and people back to work.</p><p></p><p><em>Images courtesy of Shutterstock.</em></p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/l01Lpxc5VFo" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/l01Lpxc5VFo/can-tech-job-listings-go-stalehttp://readwrite.com/2012/10/09/can-tech-job-listings-go-staleTue, 09 Oct 2012 18:42:12 GMThttp://readwrite.com/2012/10/09/can-tech-job-listings-go-stale<!-- tml-version="2" --><figure><img src="http://a4.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM0MTUzNDM3MjMzNzY2.jpg"></figure><p>Welcome to your "official" support site, Web developers.&nbsp;The Web’s top four browser developers - Google, Microsoft, Mozilla and Opera - teamed with the World Wide Web Consortium (W3C) and technology companies including Nokia, HP, Adobe and Facebook to create&nbsp;<a href="http://docs.webplatform.org/">Web Platform Docs</a>, a Wiki devoted to sussing out and stomping bugs and other issues when trying to develop for multiple browsers.</p><p>Obviously, the effort primarily benefits developers, but it should eventually result in a greater number of sites that work properly no matter what browser you use to access them.</p><p>Other sites already provide the same sort of collaborative approach to development, including <a href="http://www.sitepoint.com">SitePoint</a> and especially <a href="http://stackoverflow.com/">StackOverflow</a>, which uses the same votes/answers model of presenting questions and answers. In those sites, designers and developers work together to develop solutions, with some participation from members of the individual browser companies.&nbsp;</p><p>The idea is to smooth Web development, eliminating bugs, development costs and headaches. 
In one example cited by Microsoft, Erik Klimczak, creative director at <a href="http://www.claritycon.com/">Clarity Consulting</a>, had been using a common trick to make an image uniformly scale, but found out it didn’t work on a particular browser. After contacting the browser’s development team himself, he found that the feature was supported, but that it was undocumented.</p><h2>A Cooperative Venture</h2><p>All of the major browser makers have committed to funding the site and providing resources, according to Ian Jacobs, the head of communications for the W3C. He was unable to say, however, what the extent of each company’s contributions would be.</p><p>“I think the first thing to note is that there are many great sites out there, but one of the challenges we’ve heard from developers is that when you look at all the sites around there it’s time-consuming, and there might be inconsistencies,” Jacobs said. “Vendors, when they put up information, it may be generic, and it might be proprietary, and so we went to the <a href="http://www.w3.org/">W3C</a> membership, and said we’d like to do the same thing we do with membership, which is to leverage the collective effort... and remove redundancies, remove inconsistencies and make it easier to find things.”</p><p>In an email, a spokeswoman for Google said that the company wouldn't disclose its financial commitment: "We don't disclose any financial terms or details, but in regards to maintenance of the site, the community and some people from the stewards organizations will continue to work on and monitor the site."</p><p>Microsoft provided a bit more detail: "The role of stewards is intentionally limited in favor of self-governance by the community," a Microsoft spokeswoman said in an email. "Stewards focus primarily on facilitating the long-term operation of Web Platform Docs. 
In practice, this means that stewards provide Web Platform Docs with funding and relevant infrastructure, while helping the community address issues that may arise that the community is not able to address. The stewards do not manage the content of the site, nor do they define the processes the community adopts to manage itself, unless requested to by the community. Although some representatives of the stewards participate in developing the site, they do so as peers of other members of the community."</p><h2>You'll Find What You're Looking For</h2><p>One of the site’s strengths, according to Jacobs, will be the inclusion of clear, ordered documentation from the W3C. Visitors to the site will find published content from the founding organizations, including more than 3,200 topics from the Microsoft Developer Network, Microsoft said. In addition, there will eventually be a sample library that takes into account real-world scenarios, and tutorials that provide guidance on how to use new and existing technologies.</p><p></p><figure><img src="http://a2.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM0MTU1MDQ3ODQxMDQ5.jpg"></figure><p>That may mean that the documentation content will favor IE, at least in the early stages. A generic search for “Chrome” in the documentation portion of the site favored IE in most of the results, although expanding the results offered up more choices. (For example, in the page describing <a href="http://docs.webplatform.org/wiki/css/properties/font-size">CSS properties for font size</a>, portions of the content were pulled from MSDN, and there are several MSDN links at the bottom.) The Web Platform Docs site does claim that it’s still in an alpha status, however.</p><p>“With Web Platform Docs, we now have a central place where we can learn what the standard is, when we can use that particular feature, and the right way to use it,” Rey Bango, a Windows technical evangelist at Microsoft, said. 
“That’s important to me, and it’s important to Web developers. They want to take advantage of the cool stuff - the toys - and they want to do it responsibly. This site gives them that capability.”</p><h2>Hands-Off Approach</h2><p>According to Jacobs, the site will take a hands-off approach toward managing content, allowing users who achieve the same level of expertise - which appears to be assigned through a points system - to achieve the same status as representatives from the browser developers themselves. Content will be developed as much by the users as by the companies.&nbsp;</p><p>“We decided that it would be better to open up Web Platform Docs to the community as early as possible, so that everyone – including you – can help expand and refine the documentation, and ultimately define the direction of the site,” Alex Komoroske, a project manager with Google’s Open Web Platform team, said in a <a href="http://googledevelopers.blogspot.com/">blog post</a>.&nbsp;</p><p>Jacobs also said that the “official” nature of the Web Platform Docs site won’t prevent a free-wheeling discussion. That should mean that a developer who asks about a controversial topic, or who makes a claim about which browser correctly implements a CSS feature, for example, won’t be moderated down just because one of the site’s members disagrees with the premise. Don’t expect a discussion of proprietary technologies like JavaScript, Jacobs said; however, nothing’s truly “out of scope,” he added.</p><p>“One of the great things is that we have the attention of the vendors. 
And while they’re keen on accuracy, the policies of the site won’t restrict the nature of the discussion,” Jacobs said.</p><p></p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/4b2pjxtDUv0" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/4b2pjxtDUv0/browser-makers-cooperate-on-support-for-multi-platform-web-developmenthttp://readwrite.com/2012/10/08/browser-makers-cooperate-on-support-for-multi-platform-web-developmentMon, 08 Oct 2012 20:30:00 GMThttp://readwrite.com/2012/10/08/browser-makers-cooperate-on-support-for-multi-platform-web-development<!-- tml-version="2" --><figure><img src="http://a5.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM2Mjk3NDMxMjIwODM4.png"></figure><p>It's beautiful and rare when the worlds of computer games, band geekdom and college football can all get along.</p><p></p><p></p><div tml-external-provider="youtube" tml-external-id="sAzzbrFgcUw"></div><p>The Ohio State marching band performed a fairly amazing tribute to computer games between halves on Saturday, Oct. 6, 2012, including an eye-popping rendition of Epona (Legend of Zelda) galloping across the field. Other games referenced include Space Invaders, Pokemon, Tetris, Mario Bros., Halo and Pacman.</p><p>Oh, yeah. There was a game, too. 
The Buckeyes kicked the snot out of the Nebraska Cornhuskers, 63-38.</p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/tlpm7y-iFhI" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/tlpm7y-iFhI/video-3-great-tastes-that-taste-great-together-pc-games-football-marching-bandhttp://readwrite.com/2012/10/08/video-3-great-tastes-that-taste-great-together-pc-games-football-marching-bandMon, 08 Oct 2012 17:07:00 GMThttp://readwrite.com/2012/10/08/video-3-great-tastes-that-taste-great-together-pc-games-football-marching-band<!-- tml-version="2" --><figure><img src="http://a2.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM2NTIwMjMyNzA5NDAx.jpg"></figure><p>"Pssst, wanna buy some software bugs?" It's not talked about much, but selling software vulnerabilities is big business. And the practice has surprising implications for software security - and even national security.</p><p>It turns out government agencies are willing to pay six figures for exclusive details on exploitable flaws in software and operating systems, and there are plenty of companies and bug brokers ready to sell to the highest bidder. But with so much backdoor trading, who is watching to make sure the bad guys - from criminals to terrorists or hostile nations - do not get this valuable information?</p><p>The answer is no one.</p><h2>How Selling Bugs Began</h2><p>One of the first security researchers credited with selling an exploitable flaw was Charlie Miller, a former employee of the National Security Agency who now works for the consulting firm Accuvant. In 2005, Miller found a vulnerability in the Linux operating system and sold it to the U.S. 
government for $80,000.</p><p>"The government official said he was not allowed to name a price, but that I should make an offer," Miller <a href="http://www.securityfocus.com/news/11468">told SecurityFocus.</a> "And when I did, he said OK, and I thought, 'Oh man, I could have gotten a lot more.'"</p><p></p><figure><img src="http://a1.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM2NTIyMzgwMTMyOTY2.jpg"></figure><h2>Today's Bug Market</h2><p>Today, many software makers offer bounties for vulnerabilities. So far this year, Google <a href="http://www.computerworld.com/s/article/9231734/Google_patches_24_Chrome_bugs_pays_out_29K_to_bounty_hunters">has spent</a> more than $290,000 for vulnerabilities in its Chrome browser and recently raised the minimum bonus to $1,000.</p><p>A number of companies buy bugs and then sell them back to software makers on a subscription basis. Examples include <a href="http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/index.xhtml">iDefense</a> and <a href="http://www.zerodayinitiative.com/">Zero Day Initiative</a>, which pay from $500 to $20,000 for vulnerabilities.</p><p>But the big money is chased by companies like <a href="http://www.endgamesystems.com/">Endgame Systems</a>, <a href="http://www.netragard.com/">Netragard</a> and <a href="http://www.vupen.com/english/">Vupen Security</a>. They focus on the more lucrative market of selling bugs to government agencies that use the information to hack computers and phones of crime suspects and intelligence targets. However, their customers also can include large corporations.</p><p>In February, Vupen, which publicly promotes its services, let its team of hackers loose on Google Chrome to win a hackathon held by Hewlett-Packard. At the same security conference, Vupen snubbed a similar contest held by Google, which paid each of two winning hackers $60,000. 
To Vupen the prize was pocket change, since it would have had to hand over details of the flaw to Google.</p><p>"We wouldn’t share this with Google for even $1 million," Vupen chief executive Chaouki Bekrar <a href="http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/">told Forbes.</a> "We don’t want to give them any knowledge that can help them in fixing this exploit or other similar exploits. We want to keep this for our customers."</p><p>Also in the high end of the market are so-called "bug brokers" who negotiate deals for vulnerability hunters. One such broker goes by the pseudonym "The Grugq." A noted security expert himself, The Grugq sells to the highest bidder, typically a U.S. or European government agency, and charges a 15% commission, <a href="http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/">according to an interview</a> in March with Forbes.</p><p>As you would expect, bugs in the most popular software - Windows, Microsoft Office, Apple's iOS, Web browsers, etc. - earn the highest prices. And with so much money at stake, it's no wonder that plenty of smart, ambitious hackers are spending endless hours tearing apart popular software looking for vulnerabilities - and finding them.</p><h2>No Laws, Few Rules</h2><p>The selling of software vulnerabilities is perfectly legal. In fact, consulting firm <a href="http://www.frost.com/prod/servlet/press-release.pag?docid=234804194">Frost &amp; Sullivan named Vupen</a> the 2011 Entrepreneurial Company of the Year.</p><p>The problem is in who buys the information. People may believe it's OK when a U.S. government agency is the purchaser, but what about intelligence agencies from other countries, possibly ones hostile to the U.S.? 
Exploitable bugs can also find their way to cyber-criminals who could use them in large-scale malware attacks on home or business computers.</p><h2>The Critics</h2><p>Among the most vocal critics of vulnerability trading is Christopher Soghoian, a principal technologist and policy analyst for the <a href="http://www.aclu.org/">American Civil Liberties Union</a>. In a presentation at the <a href="http://www.virusbtn.com/conference/vb2012/index">Virus Bulletin conference</a> in September, Soghoian argued the need for some form of oversight of the industry.</p><p>"If the industry wants to avoid regulation, it needs to regulate itself," <a href="http://files.dubfire.net/csoghoian-vb-2012-exploit-sales-keynote.pdf">Soghoian said.</a></p><h2>A Need For Regulation?</h2><p>Self-regulation appears unlikely. But a regulated exploit market is not unprecedented. Germany, for example, has strict laws that not only make it illegal to sell exploits, but also to distribute them for free.</p><p>But there's no consensus here in the U.S. Some <a href="http://www.washingtonpost.com/world/national-security/secrecy-surrounding-zero-day-exploits-industry-spurs-calls-for-government-oversight/2012/09/01/46d664a6-edf7-11e1-afd6-f55f84bc0c41_story.html">experts argue that</a> regulating the industry is like trying to regulate guns. Laws are in place throughout the country, yet criminals still have guns.</p><p>Others argue there should be restrictions on exports, while the domestic market remains open. The problem with this strategy is it might encourage stockpiling of exploits, which carries its own risks.</p><p>There are no easy answers, but it's time for lawmakers to look at the industry before an exploit sold on the open market is used in an attack that empties bank accounts, steals state secrets or disrupts the power grid.</p><p>In the aftermath of such a large-scale infrastructure attack, the rush to regulation is unlikely to produce good policy. 
That's why we need to address the issue now.</p><p></p><p><em>Images courtesy of <a href="http://www.shutterstock.com">Shutterstock</a>.</em></p><img src="http://feeds.feedburner.com/~r/readwriteweb/hack/~4/1WIc5huJ-RM" height="1" width="1" alt=""/>http://feedproxy.google.com/~r/readwriteweb/hack/~3/1WIc5huJ-RM/the-shadowy-world-of-selling-software-bugs-and-how-it-makes-us-all-less-safehttp://readwrite.com/2012/10/04/the-shadowy-world-of-selling-software-bugs-and-how-it-makes-us-all-less-safeThu, 04 Oct 2012 12:30:00 GMThttp://readwrite.com/2012/10/04/the-shadowy-world-of-selling-software-bugs-and-how-it-makes-us-all-less-safe<!-- tml-version="2" --><figure><img src="http://a1.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM0NDI3NTA5OTY1NDE0.jpg"></figure><p>The latest language from the company once identified for its programming languages seeks to bring a higher class of developer into the Web apps space, without changing the foundation of the Web... even if such a change wouldn’t be such a bad idea.</p><p>Let’s be frightfully honest: JavaScript probably should not have been the first choice for the language of all Web functionality - at least, not without some serious reworking. It became standardized long before it was ever rationalized.&nbsp; And had rationality been the goal, it should have looked much more like Java than script.</p><p>As with so much else on the Web, platform engineers are largely of the mindset that it’s too late to do much about it now. 
The exceptions are companies whose backbones still have some swagger to them, especially in the face of something new called “competition.” While Microsoft has been taking fewer risks quantitatively of late, the risks it does take have been bigger: the <a href="http://www.readwriteweb.com/enterprise/2012/03/if-windows-7-simplifies-the-pc.php">Start Screen in Windows 8</a>, the <a href="http://www.readwriteweb.com/archives/the-future-of-microsofts-xbox-interactive-tv.php">expansion of Xbox into a media platform</a>, the <a href="http://www.readwriteweb.com/mobile/2012/06/new-windows-phone-8-features-gun-for-apple-android.php">splicing of Windows Phone with Windows PC</a>, the <a href="http://www.readwriteweb.com/hack/2011/09/build-2011-what-is-winrt-and-i.php">abandonment of Silverlight in favor of WinRT</a>.</p><h2>One Giant Step Up From Level II BASIC</h2><p>Microsoft’s introduction of TypeScript is not <em>that</em> big, and is not really a risk. In terms of product, it’s a free Visual Studio add-on (<a href="http://www.typescriptlang.org/#Download">downloadable here</a>) that enables more learned, professional developers to adopt more formal approaches in producing code for the Web. In terms of marketing, it’s a nearly no-cost way for Microsoft to put its stake in the ground in territory Google has been working to claim for itself.</p><p>As a language interpreter, every browser’s JavaScript works like something you’d find embedded in the ROMs of a 1978 hobby shop microcomputer. For example: To have the interpreter hold a value in memory, you declare a variable. The interpreter doesn’t have any idea what to expect for that variable, so it just sets aside a big block of space in anticipation of anything that comes along. 
Then when you set the variable’s value to “Obama” instead of 8, or instead of $13.50, the interpreter deduces you meant to store a string of text.</p><p>This is how a <em>weakly typed</em> interpreter behaves, and it does so supposedly as a favor to you, to save you steps.&nbsp; The problem is, adding “2012” to “Obama” is a very different thing than adding 2012 to 8.&nbsp; So if you’ve gathered the contents of a text box named <strong>year</strong> using something like <strong>document.getElementById('year').value</strong>, and used a <strong>+</strong> operator to tack that onto your variable, despite the fact that the property is called <strong>.value</strong>, the likelihood is that it contains text.&nbsp; So how you use the <strong>+</strong> operator (as addition or to append) depends on how you used the variable.&nbsp; If you flip your types, there’s a good chance the interpreter will respond by doing what all JavaScript interpreters do instead of alerting you with error boxes: stop dead cold and do nothing.</p><p>TypeScript operates under a different theory:&nbsp; Let’s presume JavaScript was <em>strongly</em> typed to begin with.&nbsp; From now on, it’s up to you to explicitly declare your variable types up front before you use them, especially in the context of a function whose arguments or whose interfaces (a concept familiar to C# and Java veterans) are discrete elements of data. 
If we simply endow the development environment (in Microsoft’s case, of course, Visual Studio) with the rules for strong typing, then it can enforce those rules <em>while you’re coding</em>, instead of setting up a scenario where a misused type could derail the interpreter.</p><p>“What TypeScript does is, it basically formalizes a static type system that describes JavaScript’s dynamic types, but it describes them at development time,” says Microsoft Technical Fellow Anders Hejlsberg (known as the “father” of Microsoft’s other big language, C#), in a demonstration video released Tuesday. “And then it can offer excellent tooling on top of that information.” By that, Hejlsberg means that TypeScript presents a method for the developer to express variables, arrays and properties in a non-standard JavaScript way, ignoring JavaScript’s allowances that variables can be basically <em>anything</em> until they’re put to use (“dynamic types”), but whose product is still interpretable by any JavaScript-capable device.</p><h2>Making The Editor The Enforcer</h2><p>Here’s the subtle genius of the system: Only the developer uses TypeScript; nothing changes on the client side. The TypeScript rule enforcer in Visual Studio <em>produces JavaScript code</em>, which is then guaranteed not to derail the interpreter with a type mismatch. That code is then embedded into the webpage or the Web app just like any other JS code, because that’s what it is.</p><p>This way, as most professional JavaScript developers do, you can use JQuery, Node.js (for server-side code), or any of the functionality libraries that add real <em>value</em> to JavaScript, while adding the ability to call their functions safely. 
You do need to add interface declaration files to your TypeScript project, but their entire purpose is to ensure that inputs and outputs match the types these libraries expect.</p><p>Most object-oriented languages today utilize some notion of <em>class</em> - reusable components made up of functions with specified inputs and outputs, and data with specified types. JavaScript is not object-oriented, which is not really a fault since, arguably, an object-oriented programming interpreter would have been much more complex for Netscape to have implemented. TypeScript adds class, including class constructors, but in such a way that member functions compile down into <em>methods on the prototype</em>, which are JavaScript workarounds.</p><p></p><figure><img src="http://a2.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM0NDI5Mzg4ODgyNTM0.jpg"></figure><p>This sample, from a frame of Anders Hejlsberg’s demo video, shows a column of TypeScript code on the left being live-compiled into JavaScript on the right. Here you see what a Java or C# programmer will recognize as a <em>member function</em>, <strong>dist()</strong>, being rephrased as a member method on the prototype, <strong>Point.prototype.dist</strong>, for JS.</p><p>TypeScript is far from the first effort engineers have made to add classes and types to JavaScript without impacting what some still call lovingly (for their own reasons) the “standard.” Last year, <a href="http://www.readwriteweb.com/hack/2011/10/dart-is-to-javascript-as-c-is.php">Google introduced Dart</a> as a kind of JavaScript turbocharger. From the developer’s perspective, Dart would substitute for the JavaScript language, re-introducing aspects of class and typing from Java into the mix; while from the browser’s point of view, the Dart virtual machine would supplement its existing JavaScript VM rather than replace it. 
The Dart VM “digests” Dart language and produces JavaScript code, so instead of replacing your browser, you add onto it. As its name suggests, Dart is also sharp, providing applications developers with the clarity and exactitude they come to expect from a language capable of running a word processor.</p><p>But for developers to get behind any language - even a supplemental one - they need a rich development environment that understands it natively, as rich as Eclipse for Java.&nbsp; <a href="http://www.informationweek.com/development/open-source/google-collide-dims-hope-for-brightly-id/240003399">Progress on that front for Dart has been mixed</a>, which is not uncharacteristic of projects at Google.</p><p></p><figure><img src="http://a3.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM0NDMwOTk5NjI2MzQy.jpg"></figure><p>By comparison, TypeScript has the virtue of inserting itself into a development environment that’s already somewhat rich: Visual Studio. Once the add-on is plugged in, VS 2012 recognizes TypeScript as a formal file type.</p><p></p><figure><img src="http://a5.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM0NDMzNDE1NDA4OTIx.jpg"></figure><p>Then as you’re developing the script, as this sample from VS 2012 shows, the editor keeps track of the proper types of each variable, even when in this case, it has yet to be assigned a value. 
Here, pointing to member function <strong>getDist()</strong> reveals a tip showing it to be a function (the closed parentheses) whose return value is of type <strong>number</strong>.</p><h2>Insert Devious Plot Here</h2><p>Outside of development circles, <a href="http://developers.slashdot.org/story/12/10/01/2011201/typescript-microsofts-replacement-for-javascript?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29">the conspiracy theory of the day</a> is that Microsoft is seeding the market with proprietary technologies in order to bind them to the company. It is for things such as this that the Recycle Bin was invented. Inside development circles, the allegation is that <a href="http://channel9.msdn.com/posts/Anders-Hejlsberg-Introducing-TypeScript?utm_source=dlvr.it&amp;utm_medium=twitter">Microsoft is trying to recast Web standards in its own image</a>, and is demonstrating its disdain for standards by rebuilding them. Such allegations ignore an obvious fact: The caretakers of the JavaScript standard (who use the term ECMAScript to avoid stepping on a trademark that now belongs to Oracle) are <a href="http://www.nczonline.net/blog/2012/07/24/thoughts-on-ecmascript-6-and-new-syntax/">doing exactly what Microsoft is doing</a>, and for that matter, Google as well: namely, retrofitting an under-qualified language for Web applications with the tools and reliability features that developers require.</p><p>Besides, TypeScript is not the first JavaScript recompiler with type and class support, including within the open source community.&nbsp;<a href="http://coffeescript.org/">CoffeeScript is a highly praised project</a> that expresses statements using tighter code. 
Meanwhile, <a href="http://css.dzone.com/articles/little-smallscript-dialect">Smallscript is a recompiler</a> that borrows elements of Smalltalk, including for expressing data as objects; and the <a href="http://scriptsharp.com/">Script# extension for Visual Studio</a> compiles actual C# source code into equivalent JS. None of these are perceived as covert conspiracies.</p><p>If Microsoft is guilty of falling into any familiar pattern with TypeScript, it’s that it’s not the first product in its class. What TypeScript has going for it, though, is no particularly good reason <em>not</em> to be adopted by Web apps developers, except for the possibility of a preferable alternative. Standards are for communications systems and interfaces; <em>options</em> are for people. TypeScript is one more option, and in my view so far, a sensible one.</p><p></p>http://readwrite.com/2012/10/03/microsofts-typescript-fills-a-long-standing-void-in-javascript Wed, 03 Oct 2012 20:28:07 GMT<!-- tml-version="2" --><figure><img src="http://a5.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM1NDgwNTgyMTI4MjMw.png"></figure><p>Take a quick look around the Ubuntu forums and IRC channels and you can't miss the pattern: it's mostly men. 
That is not to say that there is no diversity in the open source community, only that you need to look a little deeper to find it.</p><p>According to a recent survey, only <a href="http://www.huffingtonpost.com/peggy-johnson/women-in-technology_b_1413553.html">12% of professionals in science, technology, engineering and mathematics (STEM) are women</a>.&nbsp;So I felt especially lucky to "sit-down" with <a href="http://wiki.ubuntu-women.org/">Ubuntu Women</a> members <a href="https://wiki.ubuntu.com/lyz?action=show&amp;redirect=Pleia2">Elizabeth "Lyz" Krumbach</a> and <a href="https://wiki.ubuntu.com/Cheri703">Cheri Francis</a> over a Google+ hangout to discuss the work they are doing with the organization.</p><p>Why Ubuntu? All jabs at Unity aside, it is still one of the most popular Linux distributions and this group is doing its best to promote that message while also encouraging women to become more involved.</p><p>From its humble beginnings in 2006, the Ubuntu Women mission has been clear - to encourage women to use and contribute to Ubuntu. The organization is not political, so you'll find no mentions of feminism or the like, but rather a safe place where women, curious about the Ubuntu developer community, can come and ask questions without fear of intimidation or condescension. The group's membership has grown to over 300 (including myself) with support from everyone from <a href="http://www.canonical.com/">Canonical</a> founder Mark Shuttleworth himself to other community leaders and project teams.</p><p></p><figure><img src="http://a3.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM1NDgyNzI5NjA2NDI1.jpg"></figure><p></p><p>What exactly do the Ubuntu Women Do Anyway?</p><h2>Mentorship</h2><p>Though efforts at a formal mentorship program fizzled, the team was not deterred. After some retooling, what emerged was a more informal, but much more effective system. 
When new members reach out, usually via mailing list or the IRC chat room, someone from the team immediately responds and puts them in touch with a community member who can help get them going.</p><p><strong>Contributions</strong></p><p>Contributions to the Ubuntu and open source community are as varied as they are numerous. Here's just a snapshot of some of the areas where the Ubuntu Women as individuals and a team have made a significant impact:</p><p><strong>• IRC channel support</strong></p><p><strong>• Documentation</strong></p><p><strong>• Education</strong></p><p><strong>• O'Reilly Linux DevCenter blogging</strong></p><p><strong>• Package maintenance</strong></p><p><strong>• Development &amp; testing</strong></p><p><strong>• Local community leadership</strong></p><p>Recently elected to the Ubuntu Women leadership team, Lyz Krumbach just won the <a href="http://www.oscon.com/oscon2012/public/schedule/detail/25039">O'Reilly Open Source Award</a> for her open source contributions. And she will soon be traveling to Ghana to help San Francisco non-profit <a href="http://partimus.org/">Partimus</a> - which provides repurposed computers running free software to students and schools in need - with deploying Ubuntu systems.</p><p>Cheri Francis, another member of the leadership team, is the spearhead behind the group's monthly Career Day. She also heads up her local community group, ReLoCo and also participates with the accessibility and NGO teams.</p><p>One of Francis' proudest moments is introducing Ubuntu to her mom, who has multiple sclerosis. Ubuntu offers the customization she needed to modify the system to make it easier for her mother to use and remember things. This has allowed her to do more than she has with any other computer.</p><p>Also sitting on the Ubuntu Leadership team is <a href="https://wiki.ubuntu.com/AmberGraner">Amber Graner</a>. 
She is the co-author of <a href="http://www.amazon.com/The-Official-Ubuntu-Book-Edition/dp/0133017605/ref=sr_1_4?ie=UTF8&amp;qid=1348596992&amp;sr=8-4&amp;keywords=the+official+ubuntu+book">The Official Ubuntu Book</a>, and a frequent organizer and speaker at open source events around the world.</p><h2>Education</h2><p>Each month, the group hosts a Career Day chat on IRC in the Ubuntu Classroom #ubuntuclassroom. Cheri Francis spearheads this initiative, frustrated by the lack of information available about IT careers that could help her and others make more informed career decisions.</p><p>An IT industry professional attends the online chat and posts information about her career - like how to break into the field, skills needed and what a typical day is like. Each session lasts about an hour, with time included for questions and answers. The <a href="http://wiki.ubuntu-women.org/CareerDays">next chat will be October 18, 2012, featuring Silvia Bindelli</a>, a computer science engineer who will discuss her work as an engineering software release coordinator.</p><h2>Needs</h2><p> The open source community backbone is comprised of a legion of fiercely dedicated volunteers. Still, the needs are many. 
In addition to the obvious need for technical talent - developers, QA, designers and the like - there is also a need for writers, bug triage, organizers and everything in between.</p><figure><img src="http://a4.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM1NDg0ODc3MDkwMDcz.jpg"></figure><p>If you'd like to join the Ubuntu Women, contact anyone on the <a href="http://wiki.ubuntu-women.org/Contacts">leadership team</a>, or check out the #ubuntu-women and #ubuntu-women-project IRC channels.</p>http://readwrite.com/2012/09/28/meet-the-ubuntu-women Fri, 28 Sep 2012 13:30:00 GMT<!-- tml-version="2" --><figure><img src="http://a1.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM1MzI1NDI2NTY1NzM0.png"></figure><p>Even as developers continue to churn out more and more mobile apps - especially games - they’re all struggling to figure out how to get enough people to download and use their apps. Perhaps even more important, developers need a way to make money on their apps, and that combination increasingly results in the freemium model - free apps supported by in-app purchases.</p><p>The trick, though, is to give people a robust enough free app to get them to download it in the first place - but still find a way to convince enough of those downloaders to part with their hard-earned dollars.</p><p>Do it wrong and you’ve just given away something for nothing. Do it right and it can be a lot more lucrative than charging everyone $.99 upfront.</p><p>What’s the secret? Here are 5 ways app developers get users to pony up real cash:</p><h2>1. The Bait and Hook</h2><p>The psychology here is simple. Lure in the customer with an all-too-accessible free download. 
With that initial barrier removed, developers then only need focus on creating a fun and engaging gaming experience. After those first few minutes (or hours) of play, it’s that much easier to get the customer’s buy-in to spend a little something to continue the experience. The desire to make it to the next level can be almost addictive. A fully invested customer will be more willing to pay to play.</p><figure><img src="http://a3.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM1MzI3MzA1NDgyODU0.png"></figure><h2>2. Make It Easy</h2><p>Some of the most successful games are relatively simple - Angry Birds is a perfect example. But even for the more complex games, the early objective should be to make it as easy as possible for customers to understand the rules of the game and get started. According to veteran game developer Mike Amerson, maker of the hits <a href="http://www.myvirtualgirlfriendgame.com/">My Virtual Girlfriend</a> and <a href="http://www.myvirtualboyfriendgame.com/">My Virtual Boyfriend</a>, this is a key strategy. “Make sure the initial engagement isn’t frustrating. Use techniques like tutorials and tips, then allow the user to practice and gain a few wins before she has to face any real challenges. Then as the game progresses, it becomes harder to achieve those same results.” But by then, the customer is already invested.&nbsp;</p><figure><img src="http://a4.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM1MzI5NDUyOTY2NTAy.png"></figure><h2>3. Timely Offerings</h2><p>Only after the customer has downloaded the app, has a good feel for it, and may be feeling fairly confident in their ability to win, is it time to drop the in-app purchase suggestion. At key “choke points” in the game, when the developer knows the customer will need just the right tool to obtain a higher level of achievement, a friendly pop up alerts players of the opportunity to make a purchase that will keep the game experience going. 
The U.K.’s <a href="http://www.naturalmotiongames.com/">Natural Motion</a>, makers of <a href="http://itunes.apple.com/us/app/csr-racing/id469369175?mt=8">CSR Racing</a>, have mastered this strategy - and have $12 million in monthly in-app purchase revenue to prove it. After working through a few easy levels, it is nearly impossible to win a race without making upgrades or purchasing another car.&nbsp;</p><figure><img src="http://a1.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM1MzMxMzMyMDA5MjQx.png"></figure><h2>4. Introduce New Items</h2><p>Mobile game developer <a href="http://tinyco.com/">TinyCo</a> is a proven leader in this next strategy. In its game <a href="http://itunes.apple.com/us/app/tiny-zoo-friends/id456082760?mt=8">Tiny Zoo Friends</a>, where kids manage a virtual zoo, the company introduces new farm animals for purchase every week. One animal, “The Cash Cow” (not sure if pun was intended or not), cost one young fan nearly two months' allowance. According to TinyCo CEO Suly Ali, the revenue from this character alone was in the neighborhood of $50,000.&nbsp;</p><h2>5. For A Limited Time Only</h2><p>Once customers become accustomed to making in-app purchases, developers then introduce the limited-time-only scenario. Make the next purchase for half off, or at a reduced rate, but only if you buy before the offer runs out. Most shoppers will recognize this strategy from a wide variety of retail environments - because it works. Imposing a time limit on a discount provokes that buy-now-or-lose-out feeling of urgency. It’s the ultimate pay reward system.</p><p>By some estimates, in-app purchasers spend on average $14 per transaction, which is why freemium has become the dominant means of monetizing apps.</p><p>For serious players, though, buying a game for $.99 up front is almost always cheaper than a freemium model where you’ll need to ante up a lot more over time. 
Keep that in mind the next time you download a “free” app.</p>http://readwrite.com/2012/09/21/5-tricks-app-makers-use-to-boost-in-app-purchases Fri, 21 Sep 2012 12:00:00 GMT<!-- tml-version="2" --><figure><img src="http://a3.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM0MDYwNTU4NjI2MDcz.jpg"></figure><p>Minecraft changed the video game industry by selling millions of downloads of an indie game. Now the free-form building game is inviting players to help redesign real-world locations around the world.</p><p>Minecraft creator Mojang announced yesterday in a&nbsp;<a href="http://www.mojang.com/2012/09/mojang-and-un-presents-block-by-block/">blog post</a>&nbsp;that it is teaming up with United Nations Habitat to upgrade 300 public spaces by 2016. &nbsp;</p><p>The project, called Block by Block, enlists local youth to improve their neighborhoods. Block by Block is the international version of a previous Mojang project known as My Blocks (Mina Kvarter in Swedish), organized in conjunction with Swedish Building Services. Mojang managing director Carl Manneh&nbsp;wrote:</p><blockquote><p>“It has proven to be a great way to visualize urban planning ideas without necessarily having architectural training. The ideas presented by the citizens lay as a ground for political decisions. Mina Kvarter has been a great success and it’s spreading into more areas in Sweden. It has also been recognized internationally as a new way to do urban development planning. 
Recently, the UN found out about what we are doing and we got together to talk.”</p></blockquote><p>The first Block by Block site, in Nairobi, Kenya, is “already in the planning phase.” Urban planners interested in following the project will have to wait for status updates, as Mojang is still building the Block by Block website.</p>http://readwrite.com/2012/09/06/minecraft-partners-with-united-nations-for-urban-planning Thu, 06 Sep 2012 21:00:00 GMT<!-- tml-version="2" --><figure><img src="http://a4.files.saymedia-content.com/image/upload/c_fit,h_600,w_600/MTIyNDM0OTE0NzIwMTgxNTI5.jpg"></figure><p>For nearly everyone, it’s time to dump Java. Once promising, it has outlived its usefulness in the browser, and has become a nightmare that delights cyber-criminals at the expense of computer users.</p><h2>Java Today</h2><p>Sun Microsystems released Java in 1995 as a technology for building applications that could run on any platform, including Windows, Macintosh and Linux. In its heyday, major browsers embraced Java for running applets within pages. All anyone needed was a browser plug-in for executing programs.</p><p>Today, that plug-in has become a top security risk, along with Adobe Flash. Partly to blame for the problem is Oracle, which acquired Sun and its invention in 2009. The database vendor has heightened the risk by failing to launch timely patches.</p><p>The latest security meltdown is a case in point. 
Despite <a href="http://www.security-explorations.com/en/SE-2012-01-press.html">being warned</a> in April of critical vulnerabilities, Oracle did not get around to releasing an emergency patch until last week, after reports that cyber-criminals were exploiting the flaws. Security Explorations, the Polish firm that first reported the vulnerabilities to Oracle, <a href="http://www.forbes.com/sites/andygreenberg/2012/08/31/oracles-java-security-woes-mount-as-researchers-spot-a-bug-in-its-critical-bug-fix/">later said</a> the patch contained a flaw that could be used to circumvent the fix.</p><h2>The Latest Threats</h2><p>In the meantime, criminals are having a field day. Atif Mushtaq, security researcher at FireEye, says the number of computers infected with malware exploiting the flaws is growing. As of Tuesday, up to a quarter-million computers had been infected. Hackers are at an advantage because computer users are laggards when it comes to applying Java patches. Up to 60 percent of Java installations are never updated to the latest version, according to <a href="https://community.rapid7.com/community/metasploit/blog/2012/03/29/cve-2012-0507--java-strikes-again">security vendor Rapid7.</a></p><p>Over the just-past Labor Day weekend, the SANS Institute’s Internet Storm Center and Websense reported finding separate phishing campaigns trying to lure people to malicious sites capable of exploiting the vulnerabilities. <a href="http://isc.sans.edu/diary.html?storyid=14020">SANS discovered</a> link-carrying emails that copied a recent Microsoft message about service agreement changes. <a href="http://community.websense.com/blogs/securitylabs/">Websense found</a> emails disguised as order verification messages from Amazon.</p><p>Security experts rate the latest flaws as critical, because hackers can use them to commandeer a computer and take whatever data they want. 
Risking that kind of damage for a technology with little purpose makes no sense.</p><h2>What Security Experts Advise</h2><p>Security experts are hard pressed to say what Java does for most people. While some online games and business applications need a Java plug-in to run, nearly all modern sites, including Facebook and Twitter, use JavaScript, XML and HTML 5, which run natively in the browser. Therefore, people could happily surf the Web for years without ever running Java.</p><p>Those who are using a Java application should run it in a dedicated browser that’s used for nothing else, Patrik Runald, director of security research at Websense, says. Another browser should be used for daily Web surfing. “I’ve run a browser with Java disabled for years,” he said.</p><p>Supporters once believed that Java would play a significant role in running Web applications. That never happened. Instead, browsers became the operating system for the Web. “(Java) never took off the way it was anticipated,” Runald said.</p><p>So the verdict is clear. Disable Java plug-ins in all browsers, whether Firefox, Chrome or Internet Explorer. Java’s glory days are over and it’s time to pull the plug.</p><p></p><p><em>Image courtesy of <a href="http://www.shutterstock.com">Shutterstock</a>.</em></p>http://readwrite.com/2012/09/05/java-is-no-longer-needed-pull-the-plug-in Wed, 05 Sep 2012 13:30:00 GMT